Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 12, 2026.

1,619 total bulletins 1,619 critical or high severity Source: CISA KEV + NVD

All 1,619 Critical 1,619 High 0 Medium 0 Low 0 1,619 entries

Critical CVE-2022-44877 CWP · Control Web Panel Added Jan 17, 2023

CWP Control Web Panel OS Command Injection Vulnerability

CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-41080 Microsoft · Exchange Server Added Jan 10, 2023

Microsoft Exchange Server Privilege Escalation Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2023-21674 Microsoft · Windows Added Jan 10, 2023

Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability

Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2018-5430 TIBCO · JasperReports Added Dec 29, 2022

TIBCO JasperReports Server Information Disclosure Vulnerability

TIBCO JasperReports Server contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2018-18809 TIBCO · JasperReports Added Dec 29, 2022

TIBCO JasperReports Library Directory Traversal Vulnerability

TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access contents of the host system.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-42856 Apple · iOS Added Dec 14, 2022

Apple iOS Type Confusion Vulnerability

Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-42475 Fortinet · FortiOS Added Dec 13, 2022

Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability

Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-44698 Microsoft · Defender Added Dec 13, 2022

Microsoft Defender SmartScreen Security Feature Bypass Vulnerability

Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-27518 Citrix · Application Delivery Controller (ADC) and Gateway Added Dec 13, 2022

Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability

Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-26500 Veeam · Backup & Replication Added Dec 13, 2022

Veeam Backup & Replication Remote Code Execution Vulnerability

The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-26501 Veeam · Backup & Replication Added Dec 13, 2022

Veeam Backup & Replication Remote Code Execution Vulnerability

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-4262 Google · Chromium V8 Added Dec 5, 2022

Google Chromium V8 Type Confusion Vulnerability

Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-35587 Oracle · Fusion Middleware Added Nov 28, 2022

Oracle Fusion Middleware Unspecified Vulnerability

Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-4135 Google · Chromium GPU Added Nov 28, 2022

Google Chromium GPU Heap Buffer Overflow Vulnerability

Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-41049 Microsoft · Windows Added Nov 14, 2022

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability

Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-41091 Microsoft · Windows Added Nov 8, 2022

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability

Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-41073 Microsoft · Windows Added Nov 8, 2022

Microsoft Windows Print Spooler Privilege Escalation Vulnerability

Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-41125 Microsoft · Windows Added Nov 8, 2022

Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability

Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-41128 Microsoft · Windows Added Nov 8, 2022

Microsoft Windows Scripting Languages Remote Code Execution Vulnerability

Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-25337 Samsung · Mobile Devices Added Nov 8, 2022

Samsung Mobile Devices Improper Access Control Vulnerability

Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-25369 Samsung · Mobile Devices Added Nov 8, 2022

Samsung Mobile Devices Improper Access Control Vulnerability

Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-25370 Samsung · Mobile Devices Added Nov 8, 2022

Samsung Mobile Devices Memory Corruption Vulnerability

Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-3723 Google · Chromium V8 Added Oct 28, 2022

Google Chromium V8 Type Confusion Vulnerability

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-42827 Apple · iOS and iPadOS Added Oct 25, 2022

Apple iOS and iPadOS Out-of-Bounds Write Vulnerability

Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2020-3433 Cisco · AnyConnect Secure Added Oct 24, 2022

Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability

Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Need help prioritizing these vulnerabilities?

ThreatGrid can assess your environment and map active CVEs to your monitored assets.

Request Assessment TLINK PRO