Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 18, 2026.

1,623 total bulletins 1,623 critical or high severity Source: CISA KEV + NVD
All 1,623 Critical 1,623 High 0 Medium 0 Low 0 1,623 entries
Critical CVE-2017-8759 Microsoft · .NET Framework Added Nov 3, 2021

Microsoft .NET Framework Remote Code Execution Vulnerability

Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-8653 Microsoft · Internet Explorer Added Nov 3, 2021

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-0797 Microsoft · Win32k Added Nov 3, 2021

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-36942 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability

Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-1215 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Privilege Escalation Vulnerability

Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker to execute code with elevated privileges.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-0798 Microsoft · Office Added Nov 3, 2021

Microsoft Office Memory Corruption Vulnerability

Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0802.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2018-0802 Microsoft · Office Added Nov 3, 2021

Microsoft Office Memory Corruption Vulnerability

Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0798.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2012-0158 Microsoft · MSCOMCTL.OCX Added Nov 3, 2021

Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability

Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2015-1641 Microsoft · Office Added Nov 3, 2021

Microsoft Office Memory Corruption Vulnerability

Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-27085 Microsoft · Internet Explorer Added Nov 3, 2021

Microsoft Internet Explorer Remote Code Execution Vulnerability

Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-0541 Microsoft · MSHTML Added Nov 3, 2021

Microsoft MSHTML Remote Code Execution Vulnerability

Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-11882 Microsoft · Office Added Nov 3, 2021

Microsoft Office Memory Corruption Vulnerability

Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-0674 Microsoft · Internet Explorer Added Nov 3, 2021

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-27059 Microsoft · Office Added Nov 3, 2021

Microsoft Office Remote Code Execution Vulnerability

Microsoft Office contains an unspecified vulnerability that allows for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-1367 Microsoft · Internet Explorer Added Nov 3, 2021

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of the current user.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-0199 Microsoft · Office and WordPad Added Nov 3, 2021

Microsoft Office and WordPad Remote Code Execution Vulnerability

Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-1380 Microsoft · Internet Explorer Added Nov 3, 2021

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2019-1429 Microsoft · Internet Explorer Added Nov 3, 2021

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2017-11774 Microsoft · Office Added Nov 3, 2021

Microsoft Office Outlook Security Feature Bypass Vulnerability

Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-0968 Microsoft · Internet Explorer Added Nov 3, 2021

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability

Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-1472 Microsoft · Netlogon Added Nov 3, 2021

Microsoft Netlogon Privilege Escalation Vulnerability

Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-26855 Microsoft · Exchange Server Added Nov 3, 2021

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-26858 Microsoft · Exchange Server Added Nov 3, 2021

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2021-27065 Microsoft · Exchange Server Added Nov 3, 2021

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed
Critical CVE-2020-1054 Microsoft · Win32k Added Nov 3, 2021

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.

NVD Detail ↗ CISA KEV ↗ Patch deadline passed

Need help prioritizing these vulnerabilities?

ThreatGrid can assess your environment and map active CVEs to your monitored assets.