Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 12, 2026.

1,619 total bulletins 1,619 critical or high severity Source: CISA KEV + NVD
All 1,619 Critical 1,619 High 0 Medium 0 Low 0 1,619 critical entries
Critical CVE-2017-6736 Cisco · IOS and IOS XE Software Added Mar 3, 2022

Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability

The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-6663 Cisco · IOS and IOS XE Software Added Mar 3, 2022

Cisco IOS Software and Cisco IOS XE Software Denial-of-Service Vulnerability

A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in denial-of-service (DoS).

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-6627 Cisco · IOS and IOS XE Software Added Mar 3, 2022

Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability

A vulnerability in the UDP processing code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and denial of service.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-12319 Cisco · IOS XE Software Added Mar 3, 2022

Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability

A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-12240 Cisco · IOS and IOS XE Software Added Mar 3, 2022

Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability

The Dynamic Host Configuration Protocol (DHCP) relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-12238 Cisco · Catalyst 6800 Series Switches Added Mar 3, 2022

Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability

A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a denial of service.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-12237 Cisco · IOS and IOS XE Software Added Mar 3, 2022

Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability

A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-12235 Cisco · IOS software Added Mar 3, 2022

Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability

A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-12234 Cisco · IOS software Added Mar 3, 2022

Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability

There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-12233 Cisco · IOS software Added Mar 3, 2022

Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability

There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-12232 Cisco · IOS software Added Mar 3, 2022

Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability

A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-12231 Cisco · IOS software Added Mar 3, 2022

Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability

A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS could allow an unauthenticated, remote attacker to cause a denial of service.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-11826 Microsoft · Office Added Mar 3, 2022

Microsoft Office Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-11292 Adobe · Flash Player Added Mar 3, 2022

Adobe Flash Player Type Confusion Vulnerability

Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-0261 Microsoft · Office Added Mar 3, 2022

Microsoft Office Use-After-Free Vulnerability

Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-0001 Microsoft · Graphics Device Interface (GDI) Added Mar 3, 2022

Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability

The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-8562 Siemens · SIMATIC CP Added Mar 3, 2022

Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability

An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-7855 Adobe · Flash Player Added Mar 3, 2022

Adobe Flash Player Use-After-Free Vulnerability

Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-7262 Microsoft · Excel Added Mar 3, 2022

Microsoft Office Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-7193 Microsoft · Office Added Mar 3, 2022

Microsoft Office Memory Corruption Vulnerability

Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-5195 Linux · Kernel Added Mar 3, 2022

Linux Kernel Race Condition Vulnerability

Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-4117 Adobe · Flash Player Added Mar 3, 2022

Adobe Flash Player Arbitrary Code Execution Vulnerability

An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-1019 Adobe · Flash Player Added Mar 3, 2022

Adobe Flash Player Arbitrary Code Execution Vulnerability

Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-0099 Microsoft · Windows Added Mar 3, 2022

Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability

A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2015-7645 Adobe · Flash Player Added Mar 3, 2022

Adobe Flash Player Arbitrary Code Execution Vulnerability

Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Need help prioritizing these vulnerabilities?

ThreatGrid can assess your environment and map active CVEs to your monitored assets.