Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 12, 2026.

1,619 total bulletins 1,619 critical or high severity Source: CISA KEV + NVD
All 1,619 Critical 1,619 High 0 Medium 0 Low 0 1,619 entries
Critical CVE-2018-13382 Fortinet · FortiOS and FortiProxy Added Jan 10, 2022

Fortinet FortiOS and FortiProxy Improper Authorization

An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-13383 Fortinet · FortiOS and FortiProxy Added Jan 10, 2022

Fortinet FortiOS and FortiProxy Out-of-bounds Write

A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-1579 Palo Alto Networks · PAN-OS Added Jan 10, 2022

Palo Alto Networks PAN-OS Remote Code Execution Vulnerability

Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-10149 Exim · Mail Transfer Agent (MTA) Added Jan 10, 2022

Exim Mail Transfer Agent (MTA) Improper Input Validation

Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2015-7450 IBM · WebSphere Application Server and Server Hypervisor Edition Added Jan 10, 2022

IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.

Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-1000486 Primetek · Primefaces Application Added Jan 10, 2022

Primetek Primefaces Remote Code Execution Vulnerability

Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-7609 Elastic · Kibana Added Jan 10, 2022

Kibana Arbitrary Code Execution

Kibana contain an arbitrary code execution flaw in the Timelion visualizer.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-27860 FatPipe · WARP, IPVPN, and MPVPN software Added Jan 10, 2022

FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit

A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-43890 Microsoft · Windows Added Dec 15, 2021

Microsoft Windows AppX Installer Spoofing Vulnerability

Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-4102 Google · Chromium V8 Added Dec 15, 2021

Google Chromium V8 Use-After-Free Vulnerability

Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-44515 Zoho · Desktop Central Added Dec 10, 2021

Zoho Desktop Central Authentication Bypass Vulnerability

Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-13272 Linux · Kernel Added Dec 10, 2021

Linux Kernel Improper Privilege Management Vulnerability

Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability that allows local users to obtain root access.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-35394 Realtek · Jungle Software Development Kit (SDK) Added Dec 10, 2021

Realtek Jungle SDK Remote Code Execution Vulnerability

RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-7238 Sonatype · Nexus Repository Manager Added Dec 10, 2021

Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability

Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-0193 Apache · Solr Added Dec 10, 2021

Apache Solr DataImportHandler Code Injection Vulnerability

The optional Apache Solr module DataImportHandler contains a code injection vulnerability.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-44168 Fortinet · FortiOS Added Dec 10, 2021

Fortinet FortiOS Arbitrary File Download

Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-17562 Embedthis · GoAhead Added Dec 10, 2021

Embedthis GoAhead Remote Code Execution Vulnerability

Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-12149 Red Hat · JBoss Application Server Added Dec 10, 2021

Red Hat JBoss Application Server Remote Code Execution Vulnerability

The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2010-1871 Red Hat · JBoss Seam 2 Added Dec 10, 2021

Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability

JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-17463 Fuel CMS · Fuel CMS Added Dec 10, 2021

Fuel CMS SQL Injection Vulnerability

FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-8816 Pi-hole · AdminLTE Added Dec 10, 2021

Pi-Hole AdminLTE Remote Code Execution Vulnerability

Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-10758 MongoDB · mongo-express Added Dec 10, 2021

MongoDB mongo-express Remote Code Execution Vulnerability

mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-44228 Apache · Log4j2 Added Dec 10, 2021

Apache Log4j2 Remote Code Execution Vulnerability

Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-11261 Qualcomm · Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Added Dec 1, 2021

Qualcomm Multiple Chipsets Improper Input Validation Vulnerability

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-14847 MikroTik · RouterOS Added Dec 1, 2021

MikroTik Router OS Directory Traversal Vulnerability

MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Need help prioritizing these vulnerabilities?

ThreatGrid can assess your environment and map active CVEs to your monitored assets.