Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 18, 2026.

1,623 total bulletins · 1,623 critical or high severity · Source: CISA KEV + NVD

Critical CVE-2019-4716 IBM · Planning Analytics Added Nov 3, 2021

IBM Planning Analytics Remote Code Execution Vulnerability

IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to log in as "admin", and then execute code as root or SYSTEM via TM1 scripting.

Patch deadline passed

Critical CVE-2016-3715 ImageMagick · ImageMagick Added Nov 3, 2021

ImageMagick Arbitrary File Deletion Vulnerability

ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading.

Patch deadline passed

Critical CVE-2016-3718 ImageMagick · ImageMagick Added Nov 3, 2021

ImageMagick Server-Side Request Forgery (SSRF) Vulnerability

ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image.

Patch deadline passed

Critical CVE-2020-15505 Ivanti · MobileIron Multiple Products Added Nov 3, 2021

Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability

Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.

Patch deadline passed

Critical CVE-2021-30116 Kaseya · Virtual System/Server Administrator (VSA) Added Nov 3, 2021

Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability

Kaseya Virtual System/Server Administrator (VSA) contains an information disclosure vulnerability allowing an attacker to obtain the sessionId that can be used to execute further attacks against the system.

Patch deadline passed

Critical CVE-2020-7961 Liferay · Liferay Portal Added Nov 3, 2021

Liferay Portal Deserialization of Untrusted Data Vulnerability

Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services.

Patch deadline passed

Critical CVE-2021-23874 McAfee · McAfee Total Protection (MTP) Added Nov 3, 2021

McAfee Total Protection (MTP) Improper Privilege Management Vulnerability

McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense.

Patch deadline passed

Critical CVE-2021-22506 Micro Focus · Micro Focus Access Manager Added Nov 3, 2021

Micro Focus Access Manager Information Leakage Vulnerability

Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used.

Patch deadline passed

Critical CVE-2021-22502 Micro Focus · Operation Bridge Reporter (OBR) Added Nov 3, 2021

Micro Focus Operation Bridge Reporter (OBR) Remote Code Execution Vulnerability

Micro Focus Operation Bridge Reporter (OBR) contains an unspecified vulnerability that allows for remote code execution.

Patch deadline passed

Critical CVE-2014-1812 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability

Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.

Patch deadline passed

Critical CVE-2021-38647 Microsoft · Open Management Infrastructure (OMI) Added Nov 3, 2021

Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability

Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.

Patch deadline passed

Critical CVE-2016-0167 Microsoft · Win32k Added Nov 3, 2021

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application.

Patch deadline passed

Critical CVE-2020-0878 Microsoft · Edge and Internet Explorer Added Nov 3, 2021

Microsoft Edge and Internet Explorer Memory Corruption Vulnerability

Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user.

Patch deadline passed

Critical CVE-2021-31955 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Kernel Information Disclosure Vulnerability

Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode process.

Patch deadline passed

Critical CVE-2021-1647 Microsoft · Defender Added Nov 3, 2021

Microsoft Defender Remote Code Execution Vulnerability

Microsoft Defender contains an unspecified vulnerability that allows for remote code execution.

Patch deadline passed

Critical CVE-2021-33739 Microsoft · Windows Added Nov 3, 2021

Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability

Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.

Patch deadline passed

Critical CVE-2016-0185 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Media Center Remote Code Execution Vulnerability

Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.

Patch deadline passed

Critical CVE-2020-0683 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Installer Privilege Escalation Vulnerability

Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files.

Patch deadline passed

Critical CVE-2020-17087 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Kernel Privilege Escalation Vulnerability

Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.

Patch deadline passed

Critical CVE-2021-33742 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability

Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.

Patch deadline passed

Critical CVE-2021-31199 Microsoft · Enhanced Cryptographic Provider Added Nov 3, 2021

Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability

Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.

Patch deadline passed

Critical CVE-2021-33771 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Kernel Privilege Escalation Vulnerability

Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.

Patch deadline passed

Critical CVE-2021-31956 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows NTFS Privilege Escalation Vulnerability

Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application.

Patch deadline passed

Critical CVE-2021-31201 Microsoft · Enhanced Cryptographic Provider Added Nov 3, 2021

Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability

Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.

Patch deadline passed

Critical CVE-2021-31979 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Kernel Privilege Escalation Vulnerability

Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.

Patch deadline passed
