Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 12, 2026.

1,619 total bulletins · 1,619 critical or high severity · Source: CISA KEV + NVD

Critical CVE-2023-27350 PaperCut · MF/NG Added Apr 21, 2023

PaperCut MF/NG Improper Access Control Vulnerability

PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system.

Patch deadline passed

Critical CVE-2023-2136 Google · Chromium Skia Added Apr 21, 2023

Google Chrome Skia Integer Overflow Vulnerability

Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.

Patch deadline passed

Critical CVE-2017-6742 Cisco · IOS and IOS XE Software Added Apr 19, 2023

Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.

Patch deadline passed

Critical CVE-2019-8526 Apple · macOS Added Apr 17, 2023

Apple macOS Use-After-Free Vulnerability

Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.

Patch deadline passed

Critical CVE-2023-2033 Google · Chromium V8 Added Apr 17, 2023

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Patch deadline passed

Critical CVE-2023-20963 Android · Framework Added Apr 13, 2023

Android Framework Privilege Escalation Vulnerability

Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed.

Patch deadline passed

Critical CVE-2023-29492 Novi Survey · Novi Survey Added Apr 13, 2023

Novi Survey Insecure Deserialization Vulnerability

Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account.

Patch deadline passed

Critical CVE-2023-28252 Microsoft · Windows Added Apr 11, 2023

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability

Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Patch deadline passed

Critical CVE-2023-28205 Apple · Multiple Products Added Apr 10, 2023

Apple Multiple Products WebKit Use-After-Free Vulnerability

Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Patch deadline passed

Critical CVE-2023-28206 Apple · iOS, iPadOS, and macOS Added Apr 10, 2023

Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability

Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.

Patch deadline passed

Critical CVE-2021-27876 Veritas · Backup Exec Agent Added Apr 7, 2023

Veritas Backup Exec Agent File Access Vulnerability

Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine.

Patch deadline passed

Critical CVE-2021-27877 Veritas · Backup Exec Agent Added Apr 7, 2023

Veritas Backup Exec Agent Improper Authentication Vulnerability

Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.

Patch deadline passed

Critical CVE-2021-27878 Veritas · Backup Exec Agent Added Apr 7, 2023

Veritas Backup Exec Agent Command Execution Vulnerability

Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine.

Patch deadline passed

Critical CVE-2019-1388 Microsoft · Windows Added Apr 7, 2023

Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability

Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.

Patch deadline passed

Critical CVE-2023-26083 Arm · Mali Graphics Processing Unit (GPU) Added Apr 7, 2023

Arm Mali GPU Kernel Driver Information Disclosure Vulnerability

Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.

Patch deadline passed

Critical CVE-2022-27926 Synacor · Zimbra Collaboration Suite (ZCS) Added Apr 3, 2023

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing.

Patch deadline passed

Critical CVE-2013-3163 Microsoft · Internet Explorer Added Mar 30, 2023

Microsoft Internet Explorer Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.

Patch deadline passed

Critical CVE-2017-7494 Samba · Samba Added Mar 30, 2023

Samba Remote Code Execution Vulnerability

Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.

Patch deadline passed

Critical CVE-2022-42948 Fortra · Cobalt Strike Added Mar 30, 2023

Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability

Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution.

Patch deadline passed

Critical CVE-2022-39197 Fortra · Cobalt Strike Added Mar 30, 2023

Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability

Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely.

Patch deadline passed

Critical CVE-2021-30900 Apple · iOS, iPadOS, and macOS Added Mar 30, 2023

Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability

Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.

Patch deadline passed

Critical CVE-2022-38181 Arm · Mali Graphics Processing Unit (GPU) Added Mar 30, 2023

Arm Mali GPU Kernel Driver Use-After-Free Vulnerability

Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.

Patch deadline passed

Critical CVE-2023-0266 Linux · Kernel Added Mar 30, 2023

Linux Kernel Use-After-Free Vulnerability

Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.

Patch deadline passed

Critical CVE-2022-3038 Google · Chromium Network Service Added Mar 30, 2023

Google Chromium Network Service Use-After-Free Vulnerability

Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Patch deadline passed

Critical CVE-2022-22706 Arm · Mali Graphics Processing Unit (GPU) Added Mar 30, 2023

Arm Mali GPU Kernel Driver Unspecified Vulnerability

Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages.

Patch deadline passed