Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 18, 2026.

1,623 total bulletins 1,623 critical or high severity Source: CISA KEV + NVD
All 1,623 Critical 1,623 High 0 Medium 0 Low 0 1,623 entries
Critical CVE-2020-0938 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability

Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-17144 Microsoft · Exchange Server Added Nov 3, 2021

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-0986 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Kernel Privilege Escalation Vulnerability

Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-1020 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability

Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-38645 Microsoft · Open Management Infrastructure (OMI) Added Nov 3, 2021

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability

Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-34523 Microsoft · Exchange Server Added Nov 3, 2021

Microsoft Exchange Server Privilege Escalation Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-7269 Microsoft · Internet Information Services (IIS) Added Nov 3, 2021

Microsoft Windows Server Buffer Overflow Vulnerability

Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If: <http://" in a PROPFIND request.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-36948 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Update Medic Service Privilege Escalation Vulnerability

Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-38649 Microsoft · Open Management Infrastructure (OMI) Added Nov 3, 2021

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability

Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-0688 Microsoft · Exchange Server Added Nov 3, 2021

Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability

Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-0143 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability

Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2016-7255 Microsoft · Win32k Added Nov 3, 2021

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-0708 Microsoft · Remote Desktop Services Added Nov 3, 2021

Microsoft Remote Desktop Services Remote Code Execution Vulnerability

Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-34473 Microsoft · Exchange Server Added Nov 3, 2021

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-1464 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Spoofing Vulnerability

Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-1732 Microsoft · Win32k Added Nov 3, 2021

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-34527 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Print Spooler Remote Code Execution Vulnerability

Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known under the moniker of PrintNightmare.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-31207 Microsoft · Exchange Server Added Nov 3, 2021

Microsoft Exchange Server Security Feature Bypass Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-0803 Microsoft · Win32k Added Nov 3, 2021

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-1040 Microsoft · Hyper-V RemoteFX Added Nov 3, 2021

Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability

Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. Successful exploitation allows for remote code execution on the host operating system.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-28310 Microsoft · Win32k Added Nov 3, 2021

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-1350 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows DNS Server Remote Code Execution Vulnerability

Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-26411 Microsoft · Internet Explorer Added Nov 3, 2021

Microsoft Internet Explorer Memory Corruption Vulnerability

Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-0859 Microsoft · Win32k Added Nov 3, 2021

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-40444 Microsoft · MSHTML Added Nov 3, 2021

Microsoft MSHTML Remote Code Execution Vulnerability

Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Need help prioritizing these vulnerabilities?

ThreatGrid can assess your environment and map active CVEs to your monitored assets.