Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 12, 2026.

1,619 total bulletins · 1,619 critical or high severity · Source: CISA KEV + NVD

Critical CVE-2019-0543 Microsoft · Windows Added Mar 15, 2022

Microsoft Windows Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Patch deadline passed

Critical CVE-2018-8120 Microsoft · Win32k Added Mar 15, 2022

Microsoft Win32k Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

Patch deadline passed

Critical CVE-2017-0101 Microsoft · Windows Added Mar 15, 2022

Microsoft Windows Transaction Manager Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.

Patch deadline passed

Critical CVE-2016-3309 Microsoft · Windows Added Mar 15, 2022

Microsoft Windows Kernel Privilege Escalation Vulnerability

A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Patch deadline passed

Critical CVE-2015-2546 Microsoft · Win32k Added Mar 15, 2022

Microsoft Win32k Memory Corruption Vulnerability

The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.

Patch deadline passed

Critical CVE-2022-26486 Mozilla · Firefox Added Mar 7, 2022

Mozilla Firefox Use-After-Free Vulnerability

Mozilla Firefox contains a use-after-free vulnerability in the WebGPU IPC Framework which can be exploited to perform arbitrary code execution.

Patch deadline passed

Critical CVE-2022-26485 Mozilla · Firefox Added Mar 7, 2022

Mozilla Firefox Use-After-Free Vulnerability

Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution.

Patch deadline passed

Critical CVE-2021-21973 VMware · vCenter Server and Cloud Foundation Added Mar 7, 2022

VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability

VMware vCenter Server and Cloud Foundation Server contain an SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.

Patch deadline passed

Critical CVE-2020-8218 Pulse Secure · Pulse Connect Secure Added Mar 7, 2022

Pulse Connect Secure Code Injection Vulnerability

A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface.

Patch deadline passed

Critical CVE-2019-11581 Atlassian · Jira Server and Data Center Added Mar 7, 2022

Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability

Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution.

Patch deadline passed

Critical CVE-2017-6077 NETGEAR · Wireless Router DGN2200 Added Mar 7, 2022

NETGEAR DGN2200 Remote Code Execution Vulnerability

NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.

Patch deadline passed

Critical CVE-2016-6277 NETGEAR · Multiple Routers Added Mar 7, 2022

NETGEAR Multiple Routers Remote Code Execution Vulnerability

NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution.

Patch deadline passed

Critical CVE-2013-0631 Adobe · ColdFusion Added Mar 7, 2022

Adobe ColdFusion Information Disclosure Vulnerability

Adobe ColdFusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.

Patch deadline passed

Critical CVE-2013-0629 Adobe · ColdFusion Added Mar 7, 2022

Adobe ColdFusion Directory Traversal Vulnerability

Adobe ColdFusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.

Patch deadline passed

Critical CVE-2013-0625 Adobe · ColdFusion Added Mar 7, 2022

Adobe ColdFusion Authentication Bypass Vulnerability

Adobe ColdFusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.

Patch deadline passed

Critical CVE-2009-3960 Adobe · BlazeDS Added Mar 7, 2022

Adobe BlazeDS Information Disclosure Vulnerability

Adobe BlazeDS, which is utilized in LifeCycle and ColdFusion, contains a vulnerability that allows for information disclosure.

Patch deadline passed

Critical CVE-2022-20708 Cisco · Small Business RV160, RV260, RV340, and RV345 Series Routers Added Mar 3, 2022

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

Patch deadline passed

Critical CVE-2022-20703 Cisco · Small Business RV160, RV260, RV340, and RV345 Series Routers Added Mar 3, 2022

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

Patch deadline passed

Critical CVE-2022-20701 Cisco · Small Business RV160, RV260, RV340, and RV345 Series Routers Added Mar 3, 2022

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

Patch deadline passed

Critical CVE-2022-20700 Cisco · Small Business RV160, RV260, RV340, and RV345 Series Routers Added Mar 3, 2022

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

Patch deadline passed

Critical CVE-2022-20699 Cisco · Small Business RV160, RV260, RV340, and RV345 Series Routers Added Mar 3, 2022

Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability

A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).

Patch deadline passed

Critical CVE-2021-41379 Microsoft · Windows Added Mar 3, 2022

Microsoft Windows Installer Privilege Escalation Vulnerability

Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.

Patch deadline passed

Critical CVE-2020-1938 Apache · Tomcat Added Mar 3, 2022

Apache Tomcat Improper Privilege Management Vulnerability

Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.

Patch deadline passed

Critical CVE-2020-11899 Treck TCP/IP stack · IPv6 Added Mar 3, 2022

Treck TCP/IP stack Out-of-Bounds Read Vulnerability

The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability.

Patch deadline passed

Critical CVE-2019-16928 Exim · Exim Internet Mailer Added Mar 3, 2022

Exim Out-of-bounds Write Vulnerability

Exim contains an out-of-bounds write vulnerability which can allow for remote code execution.

Patch deadline passed
