Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 12, 2026.

1,619 total bulletins 1,619 critical or high severity Source: CISA KEV + NVD

All 1,619 Critical 1,619 High 0 Medium 0 Low 0 1,619 entries

Critical CVE-2018-6961 VMware · SD-WAN Edge Added Mar 25, 2022

VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability

VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2018-14839 LG · N1A1 NAS Added Mar 25, 2022

LG N1A1 NAS Remote Command Execution Vulnerability

LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2018-1273 VMware Tanzu · Spring Data Commons Added Mar 25, 2022

VMware Tanzu Spring Data Commons Property Binder Vulnerability

Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2018-11138 Quest · KACE System Management Appliance Added Mar 25, 2022

Quest KACE System Management Appliance Remote Command Execution Vulnerability

The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2018-0147 Cisco · Secure Access Control System (ACS) Added Mar 25, 2022

Cisco Secure Access Control System Java Deserialization Vulnerability

A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2018-0125 Cisco · VPN Routers Added Mar 25, 2022

Cisco VPN Routers Remote Code Execution Vulnerability

A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2017-6334 NETGEAR · DGN2200 Devices Added Mar 25, 2022

NETGEAR DGN2200 Devices OS Command Injection Vulnerability

dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2017-6316 Citrix · NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server Added Mar 25, 2022

Citrix Multiple Products Remote Code Execution Vulnerability

A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also affects XenMobile Server.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2017-3881 Cisco · IOS and IOS XE Added Mar 25, 2022

Cisco IOS and IOS XE Remote Code Execution Vulnerability

A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2017-12617 Apache · Tomcat Added Mar 25, 2022

Apache Tomcat Remote Code Execution Vulnerability

When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2017-12615 Apache · Tomcat Added Mar 25, 2022

Apache Tomcat on Windows Remote Code Execution Vulnerability

When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2017-0146 Microsoft · Windows Added Mar 25, 2022

Microsoft Windows SMB Remote Code Execution Vulnerability

The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2016-7892 Adobe · Flash Player Added Mar 25, 2022

Adobe Flash Player Use-After-Free Vulnerability

Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2016-4171 Adobe · Flash Player Added Mar 25, 2022

Adobe Flash Player Remote Code Execution Vulnerability

Unspecified vulnerability in Adobe Flash Player allows for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2016-1555 NETGEAR · Wireless Access Point (WAP) Devices Added Mar 25, 2022

NETGEAR Multiple WAP Devices Command Injection Vulnerability

Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2016-11021 D-Link · DCS-930L Devices Added Mar 25, 2022

D-Link DCS-930L Devices OS Command Injection Vulnerability

setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2016-10174 NETGEAR · WNR2000v5 Router Added Mar 25, 2022

NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability

The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2016-0752 Rails · Ruby on Rails Added Mar 25, 2022

Ruby on Rails Directory Traversal Vulnerability

Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2015-4068 Arcserve · Unified Data Protection (UDP) Added Mar 25, 2022

Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability

Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2015-3035 TP-Link · Multiple Archer Devices Added Mar 25, 2022

TP-Link Multiple Archer Devices Directory Traversal Vulnerability

Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2015-1427 Elastic · Elasticsearch Added Mar 25, 2022

Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability

The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2015-1187 D-Link and TRENDnet · Multiple Devices Added Mar 25, 2022

D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability

The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2015-0666 Cisco · Prime Data Center Network Manager (DCNM) Added Mar 25, 2022

Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability

Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2014-6332 Microsoft · Windows Added Mar 25, 2022

Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability

OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Critical CVE-2014-6324 Microsoft · Kerberos Key Distribution Center (KDC) Added Mar 25, 2022

Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability

The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Need help prioritizing these vulnerabilities?

ThreatGrid can assess your environment and map active CVEs to your monitored assets.

Request Assessment TLINK PRO