Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 18, 2026.

1,623 total bulletins 1,623 critical or high severity Source: CISA KEV + NVD
All 1,623 Critical 1,623 High 0 Medium 0 Low 0 1,623 critical entries
Critical CVE-2018-0296 Cisco · Adaptive Security Appliance (ASA) Added Nov 3, 2021

Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability

Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information disclosure.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-13608 Citrix · StoreFront Server Added Nov 3, 2021

Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability

Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-8193 Citrix · Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance Added Nov 3, 2021

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-8195 Citrix · Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance Added Nov 3, 2021

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-8196 Citrix · Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance Added Nov 3, 2021

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-19781 Citrix · Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance Added Nov 3, 2021

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability

Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-11634 Citrix · Workspace Application and Receiver for Windows Added Nov 3, 2021

Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability

Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-29557 D-Link · DIR-825 R1 Devices Added Nov 3, 2021

D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability

D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-25506 D-Link · DNS-320 Device Added Nov 3, 2021

D-Link DNS-320 Device Command Injection Vulnerability

D-Link DNS-320 device contains a command injection vulnerability in the sytem_mgr.cgi component that may allow for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-15811 DotNetNuke (DNN) · DotNetNuke (DNN) Added Nov 3, 2021

DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability

DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-18325 DotNetNuke (DNN) · DotNetNuke (DNN) Added Nov 3, 2021

DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability

DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-9822 DotNetNuke (DNN) · DotNetNuke (DNN) Added Nov 3, 2021

DotNetNuke (DNN) Remote Code Execution Vulnerability

DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-15752 Docker · Desktop Community Edition Added Nov 3, 2021

Docker Desktop Community Edition Privilege Escalation Vulnerability

Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-8515 DrayTek · Multiple Vigor Routers Added Nov 3, 2021

Multiple DrayTek Vigor Routers Web Management Page Vulnerability

DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-7600 Drupal · Drupal Core Added Nov 3, 2021

Drupal Core Remote Code Execution Vulnerability

Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-22205 GitLab · Community and Enterprise Editions Added Nov 3, 2021

GitLab Community and Enterprise Editions Remote Code Execution Vulnerability

GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-6789 Exim · Exim Added Nov 3, 2021

Exim Buffer Overflow Vulnerability

Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-8657 EyesOfNetwork · EyesOfNetwork Added Nov 3, 2021

EyesOfNetwork Use of Hard-Coded Credentials Vulnerability

EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-8655 EyesOfNetwork · EyesOfNetwork Added Nov 3, 2021

EyesOfNetwork Improper Privilege Management Vulnerability

EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine (NSE) script to nmap7.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-5902 F5 · BIG-IP Added Nov 3, 2021

F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability

F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-22986 F5 · BIG-IP and BIG-IQ Centralized Management Added Nov 3, 2021

F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability

F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system commands, create or delete files, and disable services.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-35464 ForgeRock · Access Management (AM) Added Nov 3, 2021

ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability

ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as root user, which the vendor does not recommend).

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-5591 Fortinet · FortiOS Added Nov 3, 2021

Fortinet FortiOS Default Configuration Vulnerability

Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-12812 Fortinet · FortiOS Added Nov 3, 2021

Fortinet FortiOS SSL VPN Improper Authentication Vulnerability

Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-13379 Fortinet · FortiOS Added Nov 3, 2021

Fortinet FortiOS SSL VPN Path Traversal Vulnerability

Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Need help prioritizing these vulnerabilities?

ThreatGrid can assess your environment and map active CVEs to your monitored assets.