Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 12, 2026.

1,619 total bulletins 1,619 critical or high severity Source: CISA KEV + NVD
All 1,619 Critical 1,619 High 0 Medium 0 Low 0 1,619 critical entries
Critical CVE-2017-15944 Palo Alto Networks · PAN-OS Added Aug 18, 2022

Palo Alto Networks PAN-OS Remote Code Execution Vulnerability

Palo Alto Networks PAN-OS contains multiple, unspecified vulnerabilities which can allow for remote code execution when chained.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2022-27925 Synacor · Zimbra Collaboration Suite (ZCS) Added Aug 11, 2022

Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) contains flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2022-37042 Synacor · Zimbra Collaboration Suite (ZCS) Added Aug 11, 2022

Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2022-34713 Microsoft · Windows Added Aug 9, 2022

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2022-30333 RARLAB · UnRAR Added Aug 9, 2022

RARLAB UnRAR Directory Traversal Vulnerability

RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2022-27924 Synacor · Zimbra Collaboration Suite (ZCS) Added Aug 4, 2022

Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2022-26138 Atlassian · Confluence Added Jul 29, 2022

Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability

Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2022-22047 Microsoft · Windows Added Jul 12, 2022

Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability

Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2022-26925 Microsoft · Windows Added Jul 1, 2022

Microsoft Windows LSA Spoofing Vulnerability

Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2022-29499 Mitel · MiVoice Connect Added Jun 27, 2022

Mitel MiVoice Connect Data Validation Vulnerability

The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30533 Google · Chromium PopupBlocker Added Jun 27, 2022

Google Chromium PopupBlocker Security Bypass Vulnerability

Google Chromium PopupBlocker contains an insufficient policy enforcement vulnerability that allows a remote attacker to bypass navigation restrictions via a crafted iframe. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-4034 Red Hat · Polkit Added Jun 27, 2022

Red Hat Polkit Out-of-Bounds Read and Write Vulnerability

The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30983 Apple · iOS and iPadOS Added Jun 27, 2022

Apple iOS and iPadOS Buffer Overflow Vulnerability

Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-3837 Apple · Multiple Products Added Jun 27, 2022

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-9907 Apple · Multiple Products Added Jun 27, 2022

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-8605 Apple · Multiple Products Added Jun 27, 2022

Apple Multiple Products Use-After-Free Vulnerability

A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-4344 Apple · Multiple Products Added Jun 27, 2022

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2022-30190 Microsoft · Windows Added Jun 14, 2022

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability

A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-38163 SAP · NetWeaver Added Jun 9, 2022

SAP NetWeaver Unrestricted File Upload Vulnerability

SAP NetWeaver contains a vulnerability that allows unrestricted file upload.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-2386 SAP · NetWeaver Added Jun 9, 2022

SAP NetWeaver SQL Injection Vulnerability

SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-2388 SAP · NetWeaver Added Jun 9, 2022

SAP NetWeaver Information Disclosure Vulnerability

The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-7195 QNAP · Photo Station Added Jun 8, 2022

QNAP Photo Station Path Traversal Vulnerability

QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-7194 QNAP · Photo Station Added Jun 8, 2022

QNAP Photo Station Path Traversal Vulnerability

QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-7193 QNAP · QTS Added Jun 8, 2022

QNAP QTS Improper Input Validation Vulnerability

QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-7192 QNAP · Photo Station Added Jun 8, 2022

QNAP Photo Station Improper Access Control Vulnerability

QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Need help prioritizing these vulnerabilities?

ThreatGrid can assess your environment and map active CVEs to your monitored assets.