Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 18, 2026.

1,623 total bulletins 1,623 critical or high severity Source: CISA KEV + NVD
All 1,623 Critical 1,623 High 0 Medium 0 Low 0 1,623 critical entries
Critical CVE-2021-42013 Apache · HTTP Server Added Nov 3, 2021

Apache HTTP Server Path Traversal Vulnerability

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default require all denied or if CGI scripts are enabled. This CVE ID resolves an incomplete patch for CVE-2021-41773.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-41773 Apache · HTTP Server Added Nov 3, 2021

Apache HTTP Server Path Traversal Vulnerability

Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default �require all denied� or if CGI scripts are enabled. The original patch issued under this CVE ID is insufficient, please review remediation information under CVE-2021-42013.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-0211 Apache · HTTP Server Added Nov 3, 2021

Apache HTTP Server Privilege Escalation Vulnerability

Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute code with the privileges of the parent process (usually root) by manipulating the scoreboard.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-4437 Apache · Shiro Added Nov 3, 2021

Apache Shiro Code Execution Vulnerability

Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the "remember me" feature.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-17558 Apache · Solr Added Nov 3, 2021

Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability

The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-17530 Apache · Struts Added Nov 3, 2021

Apache Struts Remote Code Execution Vulnerability

Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-5638 Apache · Struts Added Nov 3, 2021

Apache Struts Remote Code Execution Vulnerability

Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-11776 Apache · Struts Added Nov 3, 2021

Apache Struts Remote Code Execution Vulnerability

Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or wildcard namespace. Or, using URL tag which doesn't have value and action set and in same time, its upper package configuration have no or wildcard namespace.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30858 Apple · iOS, iPadOS, and macOS Added Nov 3, 2021

Apple iOS, iPadOS, macOS Use-After-Free Vulnerability

Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-6223 Apple · iOS and macOS Added Nov 3, 2021

Apple iOS and macOS Group Facetime Vulnerability

Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user interaction.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30860 Apple · Multiple Products Added Nov 3, 2021

Apple Multiple Products Integer Overflow Vulnerability

Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-27930 Apple · Multiple Products Added Nov 3, 2021

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted front.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30807 Apple · Multiple Products Added Nov 3, 2021

Apple Multiple Products Memory Corruption Vulnerability

Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-27950 Apple · Multiple Products Added Nov 3, 2021

Apple Multiple Products Memory Initialization Vulnerability

Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-27932 Apple · Multiple Products Added Nov 3, 2021

Apple Multiple Products Type Confusion Vulnerability

Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-9818 Apple · iOS, iPadOS, and watchOS Added Nov 3, 2021

Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability

Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-9819 Apple · iOS, iPadOS, and watchOS Added Nov 3, 2021

Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability

Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30762 Apple · iOS Added Nov 3, 2021

Apple iOS WebKit Use-After-Free Vulnerability

Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-1782 Apple · Multiple Products Added Nov 3, 2021

Apple Multiple Products Race Condition Vulnerability

Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-1870 Apple · iOS, iPadOS, and macOS Added Nov 3, 2021

Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability

Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-1871 Apple · iOS, iPadOS, and macOS Added Nov 3, 2021

Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability

Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-1879 Apple · iOS, iPadOS, and watchOS Added Nov 3, 2021

Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability

Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30661 Apple · Multiple Products Added Nov 3, 2021

Apple Multiple Products WebKit Storage Use-After-Free Vulnerability

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30666 Apple · iOS Added Nov 3, 2021

Apple iOS WebKit Buffer Overflow Vulnerability

Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-30713 Apple · macOS Added Nov 3, 2021

Apple macOS Unspecified Vulnerability

Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Need help prioritizing these vulnerabilities?

ThreatGrid can assess your environment and map active CVEs to your monitored assets.