Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 12, 2026.

1,619 total bulletins 1,619 critical or high severity Source: CISA KEV + NVD
All 1,619 Critical 1,619 High 0 Medium 0 Low 0 1,619 critical entries
Critical CVE-2017-8291 Artifex · Ghostscript Added May 24, 2022

Artifex Ghostscript Type Confusion Vulnerability

Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a "/OutputFile.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-8543 Microsoft · Windows Added May 24, 2022

Microsoft Windows Search Remote Code Execution Vulnerability

Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-18362 Kaseya · Virtual System/Server Administrator (VSA) Added May 24, 2022

Kaseya VSA SQL Injection Vulnerability

ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-0162 Microsoft · Internet Explorer Added May 24, 2022

Microsoft Internet Explorer Information Disclosure Vulnerability

An information disclosure vulnerability exists when Internet Explorer does not properly handle JavaScript. The vulnerability could allow an attacker to detect specific files on the user's computer.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-3351 Microsoft · Internet Explorer and Edge Added May 24, 2022

Microsoft Internet Explorer and Edge Information Disclosure Vulnerability

An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-4655 Apple · iOS Added May 24, 2022

Apple iOS Information Disclosure Vulnerability

The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-4656 Apple · iOS Added May 24, 2022

Apple iOS Memory Corruption Vulnerability

A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service (DoS) via a crafted application.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-4657 Apple · iOS Added May 24, 2022

Apple iOS Webkit Memory Corruption Vulnerability

Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-6366 Cisco · Adaptive Security Appliance (ASA) Added May 24, 2022

Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability

A buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to remotely execute code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-6367 Cisco · Adaptive Security Appliance (ASA) Added May 24, 2022

Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability

A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or potentially execute code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-3298 Microsoft · Internet Explorer Added May 24, 2022

Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability

An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could allow the attacker to test for the presence of files on disk.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2022-20821 Cisco · IOS XR Added May 23, 2022

Cisco IOS XR Open Port Vulnerability

Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running within the NOSi container.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-1048 Android · Kernel Added May 23, 2022

Android Kernel Use-After-Free Vulnerability

Android kernel contains a use-after-free vulnerability that allows for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-0920 Android · Kernel Added May 23, 2022

Android Kernel Race Condition Vulnerability

Android kernel contains a race condition, which allows for a use-after-free vulnerability. Exploitation can allow for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30883 Apple · Multiple Products Added May 23, 2022

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-1027 Microsoft · Windows Added May 23, 2022

Microsoft Windows Kernel Privilege Escalation Vulnerability

An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-0638 Microsoft · Update Notification Manager Added May 23, 2022

Microsoft Update Notification Manager Privilege Escalation Vulnerability

Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-7286 Apple · Multiple Products Added May 23, 2022

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-7287 Apple · iOS Added May 23, 2022

Apple iOS Memory Corruption Vulnerability

Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-0676 Microsoft · Internet Explorer Added May 23, 2022

Microsoft Internet Explorer Information Disclosure Vulnerability

An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-5786 Google · Chrome Blink Added May 23, 2022

Google Chrome Blink Use-After-Free Vulnerability

Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-0703 Microsoft · Windows Added May 23, 2022

Microsoft Windows SMB Information Disclosure Vulnerability

An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, which could lead to information disclosure from the server.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-0880 Microsoft · Windows Added May 23, 2022

Microsoft Windows Privilege Escalation Vulnerability

A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-13720 Google · Chrome WebAudio Added May 23, 2022

Google Chrome WebAudio Use-After-Free Vulnerability

Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-11707 Mozilla · Firefox and Thunderbird Added May 23, 2022

Mozilla Firefox and Thunderbird Type Confusion Vulnerability

Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Need help prioritizing these vulnerabilities?

ThreatGrid can assess your environment and map active CVEs to your monitored assets.