Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 12, 2026.

1,619 total bulletins · 1,619 critical or high severity · Source: CISA KEV + NVD

Critical CVE-2019-17558 Apache · Solr Added Nov 3, 2021

Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability

The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-17530 Apache · Struts Added Nov 3, 2021

Apache Struts Remote Code Execution Vulnerability

Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-5638 Apache · Struts Added Nov 3, 2021

Apache Struts Remote Code Execution Vulnerability

Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-11776 Apache · Struts Added Nov 3, 2021

Apache Struts Remote Code Execution Vulnerability

Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and, at the same time, its upper package configuration has no namespace or a wildcard namespace. Or, when using a URL tag which doesn't have value and action set and, at the same time, its upper package configuration has no namespace or a wildcard namespace.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30858 Apple · iOS, iPadOS, and macOS Added Nov 3, 2021

Apple iOS, iPadOS, macOS Use-After-Free Vulnerability

Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-6223 Apple · iOS and macOS Added Nov 3, 2021

Apple iOS and macOS Group FaceTime Vulnerability

Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user interaction.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30860 Apple · Multiple Products Added Nov 3, 2021

Apple Multiple Products Integer Overflow Vulnerability

Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-27930 Apple · Multiple Products Added Nov 3, 2021

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing a maliciously crafted font.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30807 Apple · Multiple Products Added Nov 3, 2021

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-27950 Apple · Multiple Products Added Nov 3, 2021

Apple Multiple Products Memory Initialization Vulnerability

Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-27932 Apple · Multiple Products Added Nov 3, 2021

Apple Multiple Products Type Confusion Vulnerability

Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-9818 Apple · iOS, iPadOS, and watchOS Added Nov 3, 2021

Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability

Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-9819 Apple · iOS, iPadOS, and watchOS Added Nov 3, 2021

Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability

Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30762 Apple · iOS Added Nov 3, 2021

Apple iOS WebKit Use-After-Free Vulnerability

Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-1782 Apple · Multiple Products Added Nov 3, 2021

Apple Multiple Products Race Condition Vulnerability

Apple iOS, iPadOS, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-1870 Apple · iOS, iPadOS, and macOS Added Nov 3, 2021

Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability

Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-1871 Apple · iOS, iPadOS, and macOS Added Nov 3, 2021

Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability

Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-1879 Apple · iOS, iPadOS, and watchOS Added Nov 3, 2021

Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability

Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30661 Apple · Multiple Products Added Nov 3, 2021

Apple Multiple Products WebKit Storage Use-After-Free Vulnerability

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30666 Apple · iOS Added Nov 3, 2021

Apple iOS WebKit Buffer Overflow Vulnerability

Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30713 Apple · macOS Added Nov 3, 2021

Apple macOS Unspecified Vulnerability

Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30657 Apple · macOS Added Nov 3, 2021

Apple macOS Unspecified Vulnerability

Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30665 Apple · Multiple Products Added Nov 3, 2021

Apple Multiple Products WebKit Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30663 Apple · Multiple Products Added Nov 3, 2021

Apple Multiple Products WebKit Integer Overflow Vulnerability

Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30761 Apple · iOS Added Nov 3, 2021

Apple iOS WebKit Memory Corruption Vulnerability

Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
