Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 18, 2026.

1,623 total bulletins 1,623 critical or high severity Source: CISA KEV + NVD
All 1,623 Critical 1,623 High 0 Medium 0 Low 0 1,623 critical entries
Critical CVE-2012-1723 Oracle · Java SE Added Mar 3, 2022

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Hotspot.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2012-1535 Adobe · Flash Player Added Mar 3, 2022

Adobe Flash Player Arbitrary Code Execution Vulnerability

Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2012-0507 Oracle · Java SE Added Mar 3, 2022

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2011-3544 Oracle · Java SE JDK and JRE Added Mar 3, 2022

Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability

An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2011-1889 Microsoft · Forefront Threat Management Gateway (TMG) Added Mar 3, 2022

Microsoft Forefront TMG Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2011-0611 Adobe · Flash Player Added Mar 3, 2022

Adobe Flash Player Remote Code Execution Vulnerability

Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2010-3333 Microsoft · Office Added Mar 3, 2022

Microsoft Office Stack-based Buffer Overflow Vulnerability

A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2010-0232 Microsoft · Windows Added Mar 3, 2022

Microsoft Windows Kernel Exception Handler Vulnerability

The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2010-0188 Adobe · Reader and Acrobat Added Mar 3, 2022

Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability

Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2009-3129 Microsoft · Excel Added Mar 3, 2022

Microsoft Excel Featheader Record Memory Corruption Vulnerability

Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2009-1123 Microsoft · Windows Added Mar 3, 2022

Microsoft Windows Improper Input Validation Vulnerability

The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2008-3431 Oracle · VirtualBox Added Mar 3, 2022

Oracle VirtualBox Insufficient Input Validation Vulnerability

An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2008-2992 Adobe · Acrobat and Reader Added Mar 3, 2022

Adobe Reader and Acrobat Input Validation Vulnerability

Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2004-0210 Microsoft · Windows Added Mar 3, 2022

Microsoft Windows Privilege Escalation Vulnerability

A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2002-0367 Microsoft · Windows Added Mar 3, 2022

Microsoft Windows Privilege Escalation Vulnerability

smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2022-24682 Synacor · Zimbra Collaborate Suite (ZCS) Added Feb 25, 2022

Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability

Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-8570 Microsoft · Office Added Feb 25, 2022

Microsoft Office Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-0222 Microsoft · Internet Explorer Added Feb 25, 2022

Microsoft Internet Explorer Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2014-6352 Microsoft · Windows Added Feb 25, 2022

Microsoft Windows Code Injection Vulnerability

Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2022-23131 Zabbix · Frontend Added Feb 22, 2022

Zabbix Frontend Authentication Bypass Vulnerability

Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2022-23134 Zabbix · Frontend Added Feb 22, 2022

Zabbix Frontend Improper Access Control Vulnerability

Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2022-24086 Adobe · Commerce and Magento Open Source Added Feb 15, 2022

Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability

Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2022-0609 Google · Chromium Animation Added Feb 15, 2022

Google Chromium Animation Use-After-Free Vulnerability

Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-0752 Microsoft · Internet Explorer Added Feb 15, 2022

Microsoft Internet Explorer Type Confusion Vulnerability

A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-8174 Microsoft · Windows Added Feb 15, 2022

Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability

A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Need help prioritizing these vulnerabilities?

ThreatGrid can assess your environment and map active CVEs to your monitored assets.