Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 12, 2026.

1,619 total bulletins 1,619 critical or high severity Source: CISA KEV + NVD
All 1,619 Critical 1,619 High 0 Medium 0 Low 0 1,619 critical entries
Critical CVE-2014-4123 Microsoft · Internet Explorer Added May 25, 2022

Microsoft Internet Explorer Privilege Escalation Vulnerability

Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2014-0546 Adobe · Reader and Acrobat Added May 25, 2022

Adobe Reader and Acrobat Sandbox Bypass Vulnerability

Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2014-2817 Microsoft · Internet Explorer Added May 25, 2022

Microsoft Internet Explorer Privilege Escalation Vulnerability

Microsoft Internet Explorer cotains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2014-4077 Microsoft · Input Method Editor (IME) Japanese Added May 25, 2022

Microsoft IME Japanese Privilege Escalation Vulnerability

Microsoft Input Method Editor (IME) Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default (with the default set as disabled). IME Japanese contains an unspecified vulnerability when IMJPDCT.EXE (IME for Japanese) is installed which allows attackers to bypass a sandbox and perform privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2014-3153 Linux · Kernel Added May 25, 2022

Linux Kernel Privilege Escalation Vulnerability

The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2013-7331 Microsoft · Internet Explorer Added May 25, 2022

Microsoft Internet Explorer Information Disclosure Vulnerability

An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2013-3993 IBM · InfoSphere BigInsights Added May 25, 2022

IBM InfoSphere BigInsights Invalid Input Vulnerability

Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2013-3896 Microsoft · Silverlight Added May 25, 2022

Microsoft Silverlight Information Disclosure Vulnerability

Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2013-2423 Oracle · Java Runtime Environment (JRE) Added May 25, 2022

Oracle JRE Unspecified Vulnerability

Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2013-0431 Oracle · Java Runtime Environment (JRE) Added May 25, 2022

Oracle JRE Sandbox Bypass Vulnerability

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2013-0422 Oracle · Java Runtime Environment (JRE) Added May 25, 2022

Oracle JRE Remote Code Execution Vulnerability

A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2013-0074 Microsoft · Silverlight Added May 25, 2022

Microsoft Silverlight Double Dereference Vulnerability

Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2012-1710 Oracle · Fusion Middleware Added May 25, 2022

Oracle Fusion Middleware Unspecified Vulnerability

Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Designer.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2010-1428 Red Hat · JBoss Added May 25, 2022

Red Hat JBoss Information Disclosure Vulnerability

Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2010-0840 Oracle · Java Runtime Environment (JRE) Added May 25, 2022

Oracle JRE Unspecified Vulnerability

Unspecified vulnerability in the Java Runtime Environment (JRE) in Java SE component allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2010-0738 Red Hat · JBoss Added May 25, 2022

Red Hat JBoss Authentication Bypass Vulnerability

The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-8611 Microsoft · Windows Added May 24, 2022

Microsoft Windows Kernel Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-19953 QNAP · Network Attached Storage (NAS) Added May 24, 2022

QNAP NAS File Station Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-19949 QNAP · Network Attached Storage (NAS) Added May 24, 2022

QNAP NAS File Station Command Injection Vulnerability

A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-19943 QNAP · Network Attached Storage (NAS) Added May 24, 2022

QNAP NAS File Station Cross-Site Scripting Vulnerability

A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-0147 Microsoft · SMBv1 server Added May 24, 2022

Microsoft Windows SMBv1 Information Disclosure Vulnerability

The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-0022 Microsoft · XML Core Services Added May 24, 2022

Microsoft XML Core Services Information Disclosure Vulnerability

Microsoft XML Core Services (MSXML) improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-0005 Microsoft · Windows Added May 24, 2022

Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability

The Graphics Device Interface (GDI) in Microsoft Windows allows local users to gain privileges via a crafted application.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-0149 Microsoft · Internet Explorer Added May 24, 2022

Microsoft Internet Explorer Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-0210 Microsoft · Internet Explorer Added May 24, 2022

Microsoft Internet Explorer Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Need help prioritizing these vulnerabilities?

ThreatGrid can assess your environment and map active CVEs to your monitored assets.