Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 12, 2026.

1,619 total bulletins · 1,619 critical or high severity · Source: CISA KEV + NVD
Critical CVE-2019-1652 Cisco · Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers Added Mar 3, 2022

Cisco Small Business Routers Improper Input Validation Vulnerability

A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.

Patch deadline passed
Critical CVE-2019-1297 Microsoft · Excel Added Mar 3, 2022

Microsoft Excel Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.

Patch deadline passed
Critical CVE-2018-8581 Microsoft · Exchange Server Added Mar 3, 2022

Microsoft Exchange Server Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server.

Patch deadline passed
Critical CVE-2018-8298 ChakraCore · ChakraCore scripting engine Added Mar 3, 2022

ChakraCore Scripting Engine Type Confusion Vulnerability

The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution.

Patch deadline passed
Critical CVE-2018-0180 Cisco · IOS Software Added Mar 3, 2022

Cisco IOS Software Denial-of-Service Vulnerability

A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition.

Patch deadline passed
Critical CVE-2018-0179 Cisco · IOS Software Added Mar 3, 2022

Cisco IOS Software Denial-of-Service Vulnerability

A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition.

Patch deadline passed
Critical CVE-2018-0175 Cisco · IOS, XR, and XE Software Added Mar 3, 2022

Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability

Format string vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device.

Patch deadline passed
Critical CVE-2018-0174 Cisco · IOS XE Software Added Mar 3, 2022

Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).

Patch deadline passed
Critical CVE-2018-0173 Cisco · IOS and IOS XE Software Added Mar 3, 2022

Cisco IOS and IOS XE Software Improper Input Validation Vulnerability

A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets can allow for denial-of-service (DoS).

Patch deadline passed
Critical CVE-2018-0172 Cisco · IOS and IOS XE Software Added Mar 3, 2022

Cisco IOS and IOS XE Software Improper Input Validation Vulnerability

A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).

Patch deadline passed
Critical CVE-2018-0167 Cisco · IOS, XR, and XE Software Added Mar 3, 2022

Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability

There is a buffer overflow vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code.

Patch deadline passed
Critical CVE-2018-0161 Cisco · IOS Software Added Mar 3, 2022

Cisco IOS Software Resource Management Errors Vulnerability

A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial-of-service (DoS) condition.

Patch deadline passed
Critical CVE-2018-0159 Cisco · IOS Software and Cisco IOS XE Software Added Mar 3, 2022

Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability

A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial-of-service (DoS) condition.

Patch deadline passed
Critical CVE-2018-0158 Cisco · IOS Software and Cisco IOS XE Software Added Mar 3, 2022

Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability

A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial-of-service (DoS) condition.

Patch deadline passed
Critical CVE-2018-0156 Cisco · IOS Software and Cisco IOS XE Software Added Mar 3, 2022

Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability

A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial-of-service (DoS) condition.

Patch deadline passed
Critical CVE-2018-0155 Cisco · Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches Added Mar 3, 2022

Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability

A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial-of-service (DoS) condition.

Patch deadline passed
Critical CVE-2018-0154 Cisco · IOS Software Added Mar 3, 2022

Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability

A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition.

Patch deadline passed
Critical CVE-2018-0151 Cisco · IOS and IOS XE Software Added Mar 3, 2022

Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability

A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.

Patch deadline passed
Critical CVE-2017-8540 Microsoft · Malware Protection Engine Added Mar 3, 2022

Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability

The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file, leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".

Patch deadline passed
Critical CVE-2017-6744 Cisco · IOS software Added Mar 3, 2022

Cisco IOS Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6.

Patch deadline passed
Critical CVE-2017-6743 Cisco · IOS and IOS XE Software Added Mar 3, 2022

Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

Patch deadline passed
Critical CVE-2017-6740 Cisco · IOS and IOS XE Software Added Mar 3, 2022

Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.

Patch deadline passed
Critical CVE-2017-6739 Cisco · IOS and IOS XE Software Added Mar 3, 2022

Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.

Patch deadline passed
Critical CVE-2017-6738 Cisco · IOS and IOS XE Software Added Mar 3, 2022

Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

Patch deadline passed
Critical CVE-2017-6737 Cisco · IOS and IOS XE Software Added Mar 3, 2022

Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

Patch deadline passed
