Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 12, 2026.

1,619 total bulletins 1,619 critical or high severity Source: CISA KEV + NVD

All 1,619 Critical 1,619 High 0 Medium 0 Low 0 1,619 entries

Critical CVE-2018-8406 Microsoft · DirectX Graphics Kernel (DXGKRNL) Added Mar 28, 2022

Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2018-8405 Microsoft · DirectX Graphics Kernel (DXGKRNL) Added Mar 28, 2022

Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability

An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2017-0213 Microsoft · Windows Added Mar 28, 2022

Microsoft Windows Privilege Escalation Vulnerability

Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2017-0059 Microsoft · Internet Explorer Added Mar 28, 2022

Microsoft Internet Explorer Information Disclosure Vulnerability

Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2017-0037 Microsoft · Edge and Internet Explorer Added Mar 28, 2022

Microsoft Edge and Internet Explorer Type Confusion Vulnerability

Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2016-7201 Microsoft · Edge Added Mar 28, 2022

Microsoft Edge Memory Corruption Vulnerability

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2016-7200 Microsoft · Edge Added Mar 28, 2022

Microsoft Edge Memory Corruption Vulnerability

The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2016-0189 Microsoft · Internet Explorer Added Mar 28, 2022

Microsoft Internet Explorer Memory Corruption Vulnerability

The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2016-0151 Microsoft · Client-Server Run-time Subsystem (CSRSS) Added Mar 28, 2022

Microsoft Windows CSRSS Security Feature Bypass Vulnerability

The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2016-0040 Microsoft · Windows Added Mar 28, 2022

Microsoft Windows Kernel Privilege Escalation Vulnerability

The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2015-2426 Microsoft · Windows Added Mar 28, 2022

Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2015-2419 Microsoft · Internet Explorer Added Mar 28, 2022

Microsoft Internet Explorer Memory Corruption Vulnerability

JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2015-1770 Microsoft · Office Added Mar 28, 2022

Microsoft Office Uninitialized Memory Use Vulnerability

Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2013-3660 Microsoft · Win32k Added Mar 28, 2022

Microsoft Win32k Privilege Escalation Vulnerability

The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2013-2729 Adobe · Reader and Acrobat Added Mar 28, 2022

Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability

Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2013-2551 Microsoft · Internet Explorer Added Mar 28, 2022

Microsoft Internet Explorer Use-After-Free Vulnerability

Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2013-2465 Oracle · Java SE Added Mar 28, 2022

Oracle Java SE Unspecified Vulnerability

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to 2D

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2013-1690 Mozilla · Firefox and Thunderbird Added Mar 28, 2022

Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability

Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execute malicious code via a crafted web site.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2012-5076 Oracle · Java SE Added Mar 28, 2022

Oracle Java SE Sandbox Bypass Vulnerability

The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2012-2539 Microsoft · Word Added Mar 28, 2022

Microsoft Word Remote Code Execution Vulnerability

Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2012-2034 Adobe · Flash Player Added Mar 28, 2022

Adobe Flash Player Memory Corruption Vulnerability

Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2012-0518 Oracle · Fusion Middleware Added Mar 28, 2022

Oracle Fusion Middleware Unspecified Vulnerability

Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2011-2005 Microsoft · Ancillary Function Driver (afd.sys) Added Mar 28, 2022

Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability

afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2010-4398 Microsoft · Windows Added Mar 28, 2022

Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability

Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2022-26318 WatchGuard · Firebox and XTM Appliances Added Mar 25, 2022

WatchGuard Firebox and XTM Appliances Arbitrary Code Execution

On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Need help prioritizing these vulnerabilities?

ThreatGrid can assess your environment and map active CVEs to your monitored assets.

Request Assessment TLINK PRO