Active threat advisories and known exploited vulnerabilities.

Critical CVE-2019-11708 Mozilla · Firefox and Thunderbird Added May 23, 2022

Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability

Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-8720 WebKitGTK · WebKitGTK Added May 23, 2022

WebKitGTK Memory Corruption Vulnerability

WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-18426 Meta Platforms · WhatsApp Added May 23, 2022

WhatsApp Cross-Site Scripting Vulnerability

A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-1385 Microsoft · Windows Added May 23, 2022

Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-1130 Microsoft · Windows Added May 23, 2022

Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2018-5002 Adobe · Flash Player Added May 23, 2022

Adobe Flash Player Stack-based Buffer Overflow Vulnerability

Adobe Flash Player have a stack-based buffer overflow vulnerability that could lead to remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2018-8589 Microsoft · Win32k Added May 23, 2022

Microsoft Win32k Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-30525 Zyxel · Multiple Firewalls Added May 16, 2022

Zyxel Multiple Firewalls OS Command Injection Vulnerability

A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-22947 VMware · Spring Cloud Gateway Added May 16, 2022

VMware Spring Cloud Gateway Code Injection Vulnerability

Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-1388 F5 · BIG-IP Added May 10, 2022

F5 BIG-IP Missing Authentication Vulnerability

F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-1789 Apple · Multiple Products Added May 4, 2022

Apple Multiple Products Type Confusion Vulnerability

A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-8506 Apple · Multiple Products Added May 4, 2022

Apple Multiple Products Type Confusion Vulnerability

A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2014-4113 Microsoft · Win32k Added May 4, 2022

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2014-0322 Microsoft · Internet Explorer Added May 4, 2022

Microsoft Internet Explorer Use-After-Free Vulnerability

Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2014-0160 OpenSSL · OpenSSL Added May 4, 2022

OpenSSL Information Disclosure Vulnerability

The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-29464 WSO2 · Multiple Products Added Apr 25, 2022

WSO2 Multiple Products Unrestrictive Upload of File Vulnerability

Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-26904 Microsoft · Windows Added Apr 25, 2022

Microsoft Windows User Profile Service Privilege Escalation Vulnerability

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-21919 Microsoft · Windows Added Apr 25, 2022

Microsoft Windows User Profile Service Privilege Escalation Vulnerability

Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-0847 Linux · Kernel Added Apr 25, 2022

Linux Kernel Privilege Escalation Vulnerability

Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-41357 Microsoft · Win32k Added Apr 25, 2022

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2021-40450 Microsoft · Win32k Added Apr 25, 2022

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-1003029 Jenkins · Script Security Plugin Added Apr 25, 2022

Jenkins Script Security Plugin Sandbox Bypass Vulnerability

Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2018-6882 Synacor · Zimbra Collaboration Suite (ZCS) Added Apr 19, 2022

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2019-3568 Meta Platforms · WhatsApp Added Apr 19, 2022

WhatsApp VOIP Stack Buffer Overflow Vulnerability

A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of RTCP packets sent to a target phone number.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-22718 Microsoft · Windows Added Apr 19, 2022

Microsoft Windows Print Spooler Privilege Escalation Vulnerability

Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed