Security Bulletins

Active threat advisories and known exploited vulnerabilities.

Pulled daily from the CISA Known Exploited Vulnerabilities catalog. Every entry has confirmed active exploitation in the wild. Last synced Jun 18, 2026.

1,623 total bulletins · 1,623 critical or high severity · Source: CISA KEV + NVD
Critical CVE-2021-1675 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Print Spooler Remote Code Execution Vulnerability

Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.

Patch deadline passed
Critical CVE-2021-34448 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Scripting Engine Memory Corruption Vulnerability

Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption.

Patch deadline passed
Critical CVE-2020-0601 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows CryptoAPI Spoofing Vulnerability

Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The vulnerability is also known under the moniker of CurveBall.

Patch deadline passed
Critical CVE-2019-0604 Microsoft · SharePoint Added Nov 3, 2021

Microsoft SharePoint Remote Code Execution Vulnerability

Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint application pool and the SharePoint server farm account.

Patch deadline passed
Critical CVE-2020-0646 Microsoft · .NET Framework Added Nov 3, 2021

Microsoft .NET Framework Remote Code Execution Vulnerability

Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution.

Patch deadline passed
Critical CVE-2019-0808 Microsoft · Win32k Added Nov 3, 2021

Microsoft Win32k Privilege Escalation Vulnerability

Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode.

Patch deadline passed
Critical CVE-2021-26857 Microsoft · Exchange Server Added Nov 3, 2021

Microsoft Exchange Server Remote Code Execution Vulnerability

Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Patch deadline passed
Critical CVE-2020-1147 Microsoft · .NET Framework, SharePoint, Visual Studio Added Nov 3, 2021

Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability

Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for deserialization of the XML content.

Patch deadline passed
Critical CVE-2019-1214 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Common Log File System (CLFS) Privilege Escalation Vulnerability

Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory which can allow for privilege escalation.

Patch deadline passed
Critical CVE-2016-3235 Microsoft · Office Added Nov 3, 2021

Microsoft Office OLE DLL Side Loading Vulnerability

Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code execution.

Patch deadline passed
Critical CVE-2019-0863 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability

Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode.

Patch deadline passed
Critical CVE-2021-36955 Microsoft · Windows Added Nov 3, 2021

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability

Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Patch deadline passed
Critical CVE-2021-38648 Microsoft · Open Management Infrastructure (OMI) Added Nov 3, 2021

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability

Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.

Patch deadline passed
Critical CVE-2020-6819 Mozilla · Firefox and Thunderbird Added Nov 3, 2021

Mozilla Firefox And Thunderbird Use-After-Free Vulnerability

Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts.

Patch deadline passed
Critical CVE-2020-6820 Mozilla · Firefox and Thunderbird Added Nov 3, 2021

Mozilla Firefox And Thunderbird Use-After-Free Vulnerability

Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts.

Patch deadline passed
Critical CVE-2019-17026 Mozilla · Firefox and Thunderbird Added Nov 3, 2021

Mozilla Firefox And Thunderbird Type Confusion Vulnerability

Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements.

Patch deadline passed
Critical CVE-2019-15949 Nagios · Nagios XI Added Nov 3, 2021

Nagios XI Remote Code Execution Vulnerability

Nagios XI contains a remote code execution vulnerability in which a user can modify the check_plugin executable and insert malicious commands to execute as root.

Patch deadline passed
Critical CVE-2020-26919 NETGEAR · JGS516PE Devices Added Nov 3, 2021

Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability

Netgear JGS516PE devices contain a missing function level access control vulnerability.

Patch deadline passed
Critical CVE-2019-19356 Netis · WF2419 Devices Added Nov 3, 2021

Netis WF2419 Devices Remote Code Execution Vulnerability

Netis WF2419 devices contain an unspecified vulnerability that allows an attacker to perform remote code execution as root through the router's web management page.

Patch deadline passed
Critical CVE-2020-2555 Oracle · Multiple Products Added Nov 3, 2021

Oracle Multiple Products Remote Code Execution Vulnerability

Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to take over the affected system. Impacted Oracle products: Oracle Coherence in Fusion Middleware, Oracle Utilities Framework, Oracle Retail Assortment Planning, Oracle Commerce, Oracle Communications Diameter Signaling Router (DSR).

Patch deadline passed
Critical CVE-2012-3152 Oracle · Fusion Middleware Added Nov 3, 2021

Oracle Fusion Middleware Unspecified Vulnerability

Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems.

Patch deadline passed
Critical CVE-2020-14871 Oracle · Solaris and Zettabyte File System (ZFS) Added Nov 3, 2021

Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability

Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems.

Patch deadline passed
Critical CVE-2015-4852 Oracle · WebLogic Server Added Nov 3, 2021

Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability

Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for remote code execution.

Patch deadline passed
Critical CVE-2020-14750 Oracle · WebLogic Server Added Nov 3, 2021

Oracle WebLogic Server Remote Code Execution Vulnerability

Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882.

Patch deadline passed
Critical CVE-2020-14882 Oracle · WebLogic Server Added Nov 3, 2021

Oracle WebLogic Server Remote Code Execution Vulnerability

Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related to CVE-2020-14750.

Patch deadline passed
