KEV topic

Critical-severity KEV entries (CVSS 9.0+)

KEV entries with a CVSS v3 base score of 9.0 or higher — the CRITICAL band per the CVSS specification, meaning near-maximum impact and exploitation that typically requires little attacker effort. These are the patch-this-week items regardless of vendor or product category. Updated daily from the CISA KEV catalog.

Updated 17 hours ago. 155 entries in this topic. All SMB-relevant entries.

CVE-2026-34910Patch this week
Ubiquiti UniFi OS Improper Input Validation Vulnerability
Affects anyone running Ubiquiti UniFi networking gear (access points, switches, security gateways, NVRs). The gear carries internal network traffic and often hosts video surveillance — exploitation can expose network traffic or grant management access to the network itself.
Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.
Added to KEV Jun 23, 2026 · Ubiquiti UniFi OS
CVE-2026-34909Patch this week
Ubiquiti UniFi OS Path Traversal Vulnerability
Affects anyone running Ubiquiti UniFi networking gear (access points, switches, security gateways, NVRs). The gear carries internal network traffic and often hosts video surveillance — exploitation can expose network traffic or grant management access to the network itself.
Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.
Added to KEV Jun 23, 2026 · Ubiquiti UniFi OS
CVE-2026-34908Patch this week
Ubiquiti UniFi OS Improper Access Control Vulnerability
Affects anyone running Ubiquiti UniFi networking gear (access points, switches, security gateways, NVRs). The gear carries internal network traffic and often hosts video surveillance — exploitation can expose network traffic or grant management access to the network itself.
Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.
Added to KEV Jun 23, 2026 · Ubiquiti UniFi OS
CVE-2026-10520Patch this week
Ivanti Sentry OS Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.
Added to KEV Jun 11, 2026 · Ivanti Sentry
CVE-2026-0257Patch this week
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.
Added to KEV May 29, 2026 · Palo Alto Networks PAN-OS
CVE-2008-4250Patch this week
Microsoft Windows Buffer Overflow Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.
Added to KEV May 20, 2026 · Microsoft Windows
CVE-2026-20182Patch this week
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
Added to KEV May 14, 2026 · Cisco Catalyst SD-WAN
CVE-2026-0300Patch this week
Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.
Added to KEV May 6, 2026 · Palo Alto Networks PAN-OS
CVE-2026-21643Patch this week
Fortinet FortiClient EMS SQL Injection Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Added to KEV Apr 13, 2026 · Fortinet FortiClient EMS
CVE-2026-1340Patch this week
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
Added to KEV Apr 8, 2026 · Ivanti Endpoint Manager Mobile (EPMM)
CVE-2026-35616Patch this week
Fortinet FortiClient EMS Improper Access Control Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Added to KEV Apr 6, 2026 · Fortinet FortiClient EMS
CVE-2026-20131Known ransomware usePatch now
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.
Added to KEV Mar 19, 2026 · Cisco Secure Firewall Management Center (FMC)
CVE-2026-20963Patch this week
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Affects anyone running Microsoft SharePoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
Added to KEV Mar 18, 2026 · Microsoft SharePoint
CVE-2026-20127Patch this week
Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.
Added to KEV Feb 25, 2026 · Cisco Catalyst SD-WAN Controller and Manager
CVE-2024-43468Patch this week
Microsoft Configuration Manager SQL Injection Vulnerability
Affects anyone running Microsoft Configuration Manager. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
Added to KEV Feb 12, 2026 · Microsoft Configuration Manager
CVE-2026-1281Patch this week
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
Added to KEV Jan 29, 2026 · Ivanti Endpoint Manager Mobile (EPMM)
CVE-2026-24858Patch this week
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
Added to KEV Jan 27, 2026 · Fortinet Multiple Products
CVE-2025-20393Patch this week
Cisco Multiple Products Improper Input Validation Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contains an improper input validation vulnerability that allows threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance.
Added to KEV Dec 17, 2025 · Cisco Multiple Products
CVE-2025-59718Patch this week
Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message. Please be aware that CVE-2025-59719 pertains to the same problem and is mentioned in the same vendor advisory. Ensure to apply all patches mentioned in the advisory.
Added to KEV Dec 16, 2025 · Fortinet Multiple Products
CVE-2025-64446Patch this week
Fortinet FortiWeb Path Traversal Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
Added to KEV Nov 14, 2025 · Fortinet FortiWeb
CVE-2025-54236Patch this week
Adobe Commerce and Magento Improper Input Validation Vulnerability
Affects anyone running Adobe Commerce and Magento. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.
Added to KEV Oct 24, 2025 · Adobe Commerce and Magento
CVE-2025-59287Patch this week
Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.
Added to KEV Oct 24, 2025 · Microsoft Windows
CVE-2025-54253Patch this week
Adobe Experience Manager Forms Code Execution Vulnerability
Affects anyone running Adobe Experience Manager (AEM) Forms. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution.
Added to KEV Oct 15, 2025 · Adobe Experience Manager (AEM) Forms
CVE-2025-20333Patch this week
Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a buffer overflow vulnerability that allows for remote code execution. This vulnerability could be chained with CVE-2025-20362.
Added to KEV Sep 25, 2025 · Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense
CVE-2025-10585Patch this week
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
Added to KEV Sep 23, 2025 · Google Chromium V8
CVE-2025-43300Patch this week
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
Added to KEV Aug 21, 2025 · Apple iOS, iPadOS, and macOS
CVE-2025-20337Patch this week
Cisco Identity Services Engine Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device.
Added to KEV Jul 28, 2025 · Cisco Identity Services Engine
CVE-2025-20281Patch this week
Cisco Identity Services Engine Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device.
Added to KEV Jul 28, 2025 · Cisco Identity Services Engine
CVE-2025-53770Known ransomware usePatch now
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Affects anyone running Microsoft SharePoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.
Added to KEV Jul 20, 2025 · Microsoft SharePoint
CVE-2025-25257Patch this week
Fortinet FortiWeb SQL Injection Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
Added to KEV Jul 18, 2025 · Fortinet FortiWeb
CVE-2025-32756Patch this week
Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.
Added to KEV May 14, 2025 · Fortinet Multiple Products
CVE-2025-31201Patch this week
Apple Multiple Products Arbitrary Read and Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.
Added to KEV Apr 17, 2025 · Apple Multiple Products
CVE-2025-31200Patch this week
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.
Added to KEV Apr 17, 2025 · Apple Multiple Products
CVE-2025-22457Known ransomware usePatch now
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution.
Added to KEV Apr 4, 2025 · Ivanti Connect Secure, Policy Secure, and ZTA Gateways
CVE-2024-20439Patch this week
Cisco Smart Licensing Utility Static Credential Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials.
Added to KEV Mar 31, 2025 · Cisco Smart Licensing Utility
CVE-2025-24201Patch this week
Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Mar 13, 2025 · Apple Multiple Products
CVE-2024-13161Patch this week
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Added to KEV Mar 10, 2025 · Ivanti Endpoint Manager (EPM)
CVE-2024-13160Patch this week
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Added to KEV Mar 10, 2025 · Ivanti Endpoint Manager (EPM)
CVE-2024-13159Patch this week
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Added to KEV Mar 10, 2025 · Ivanti Endpoint Manager (EPM)
CVE-2017-3066Patch this week
Adobe ColdFusion Deserialization Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.
Added to KEV Feb 24, 2025 · Adobe ColdFusion
CVE-2025-0108Patch this week
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts.
Added to KEV Feb 18, 2025 · Palo Alto Networks PAN-OS
CVE-2024-53704Known ransomware usePatch now
SonicWall SonicOS SSLVPN Improper Authentication Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.
Added to KEV Feb 18, 2025 · SonicWall SonicOS
CVE-2024-21413Patch this week
Microsoft Outlook Improper Input Validation Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.
Added to KEV Feb 6, 2025 · Microsoft Office Outlook
CVE-2025-24085Patch this week
Apple Multiple Products Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.
Added to KEV Jan 29, 2025 · Apple Multiple Products
CVE-2025-23006Known ransomware usePatch now
SonicWall SMA1000 Appliances Deserialization Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.
Added to KEV Jan 24, 2025 · SonicWall SMA1000 Appliances
CVE-2024-55591Known ransomware usePatch now
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
Added to KEV Jan 14, 2025 · Fortinet FortiOS and FortiProxy
CVE-2025-0282Known ransomware usePatch now
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.
Added to KEV Jan 8, 2025 · Ivanti Connect Secure, Policy Secure, and ZTA Gateways
CVE-2024-0012Known ransomware usePatch now
Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.
Added to KEV Nov 18, 2024 · Palo Alto Networks PAN-OS
CVE-2024-9465Patch this week
Palo Alto Networks Expedition SQL Injection Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
Added to KEV Nov 14, 2024 · Palo Alto Networks Expedition
CVE-2024-5910Patch this week
Palo Alto Networks Expedition Missing Authentication Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data.
Added to KEV Nov 7, 2024 · Palo Alto Networks Expedition
CVE-2024-47575Patch this week
Fortinet FortiManager Missing Authentication Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
Added to KEV Oct 23, 2024 · Fortinet FortiManager
CVE-2024-23113Patch this week
Fortinet Multiple Products Format String Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
Added to KEV Oct 9, 2024 · Fortinet Multiple Products
CVE-2024-7593Patch this week
Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.
Added to KEV Sep 24, 2024 · Ivanti Virtual Traffic Manager
CVE-2024-8963Patch this week
Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance.
Added to KEV Sep 19, 2024 · Ivanti Cloud Services Appliance (CSA)
CVE-2014-0497Patch this week
Adobe Flash Player Integer Underflow Vulnerablity
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.
Added to KEV Sep 17, 2024 · Adobe Flash Player
CVE-2024-40766Known ransomware usePatch now
SonicWall SonicOS Improper Access Control Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
Added to KEV Sep 9, 2024 · SonicWall SonicOS
CVE-2024-7971Patch this week
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Aug 26, 2024 · Google Chromium V8
CVE-2024-34102Patch this week
Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
Affects anyone running Adobe Commerce and Magento Open Source. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.
Added to KEV Jul 17, 2024 · Adobe Commerce and Magento Open Source
CVE-2024-5274Patch this week
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV May 28, 2024 · Google Chromium V8
CVE-2024-4947Patch this week
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
Added to KEV May 20, 2024 · Google Chromium V8
CVE-2024-4671Patch this week
Google Chromium Visuals Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV May 13, 2024 · Google Chromium
CVE-2024-3400Known ransomware usePatch now
Palo Alto Networks PAN-OS Command Injection Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.
Added to KEV Apr 12, 2024 · Palo Alto Networks PAN-OS
CVE-2021-44529Known ransomware usePatch now
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).
Added to KEV Mar 25, 2024 · Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA)
CVE-2023-48788Known ransomware usePatch now
Fortinet FortiClient EMS SQL Injection Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
Added to KEV Mar 25, 2024 · Fortinet FortiClient EMS
CVE-2024-21410Patch this week
Microsoft Exchange Server Privilege Escalation Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Feb 15, 2024 · Microsoft Exchange Server
CVE-2024-21762Known ransomware usePatch now
Fortinet FortiOS Out-of-Bound Write Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.
Added to KEV Feb 9, 2024 · Fortinet FortiOS
CVE-2023-35082Known ransomware usePatch now
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.
Added to KEV Jan 18, 2024 · Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core
CVE-2023-29357Known ransomware usePatch now
Microsoft SharePoint Server Privilege Escalation Vulnerability
Affects anyone running Microsoft SharePoint Server. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.
Added to KEV Jan 10, 2024 · Microsoft SharePoint Server
CVE-2024-21887Known ransomware usePatch now
Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authenticated bypass issue.
Added to KEV Jan 10, 2024 · Ivanti Connect Secure and Policy Secure
CVE-2023-29300Known ransomware usePatch now
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
Added to KEV Jan 8, 2024 · Adobe ColdFusion
CVE-2023-38203Known ransomware usePatch now
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
Added to KEV Jan 8, 2024 · Adobe ColdFusion
CVE-2023-6345Patch this week
Google Skia Integer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
Added to KEV Nov 30, 2023 · Google Chromium Skia
CVE-2023-20198Patch this week
Cisco IOS XE Web UI Privilege Escalation Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device.
Added to KEV Oct 16, 2023 · Cisco IOS XE Web UI
CVE-2023-38035Known ransomware usePatch now
Ivanti Sentry Authentication Bypass Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Added to KEV Aug 22, 2023 · Ivanti Sentry
CVE-2023-26359Patch this week
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user.
Added to KEV Aug 21, 2023 · Adobe ColdFusion
CVE-2023-35078Known ransomware usePatch now
Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.
Added to KEV Jul 25, 2023 · Ivanti Endpoint Manager Mobile (EPMM)
CVE-2023-27997Known ransomware usePatch now
Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.
Added to KEV Jun 13, 2023 · Fortinet FortiOS and FortiProxy SSL-VPN
CVE-2023-2136Patch this week
Google Chrome Skia Integer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
Added to KEV Apr 21, 2023 · Google Chromium Skia
CVE-2023-23397Patch this week
Microsoft Office Outlook Privilege Escalation Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
Added to KEV Mar 14, 2023 · Microsoft Office
CVE-2022-42475Known ransomware usePatch now
Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.
Added to KEV Dec 13, 2022 · Fortinet FortiOS
CVE-2022-4135Patch this week
Google Chromium GPU Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 28, 2022 · Google Chromium GPU
CVE-2022-40684Known ransomware usePatch now
Fortinet Multiple Products Authentication Bypass Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Added to KEV Oct 11, 2022 · Fortinet Multiple Products
CVE-2022-3075Patch this week
Google Chromium Mojo Insufficient Data Validation Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Sep 8, 2022 · Google Chromium Mojo
CVE-2017-15944Patch this week
Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains multiple, unspecified vulnerabilities which can allow for remote code execution when chained.
Added to KEV Aug 18, 2022 · Palo Alto Networks PAN-OS
CVE-2011-2462Patch this week
Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Reader and Acrobat
CVE-2014-0546Patch this week
Adobe Reader and Acrobat Sandbox Bypass Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context.
Added to KEV May 25, 2022 · Adobe Reader and Acrobat
CVE-2017-8543Patch this week
Microsoft Windows Search Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory.
Added to KEV May 24, 2022 · Microsoft Windows
CVE-2010-5330Patch this week
Ubiquiti AirOS Command Injection Vulnerability
Affects anyone running Ubiquiti UniFi networking gear (access points, switches, security gateways, NVRs). The gear carries internal network traffic and often hosts video surveillance — exploitation can expose network traffic or grant management access to the network itself.
Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.
Added to KEV Apr 15, 2022 · Ubiquiti AirOS
CVE-2015-5123Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-5122Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-0313Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-0311Patch this week
Adobe Flash Player Remote Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-3113Patch this week
Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2021-31166Patch this week
Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability
Affects anyone running Microsoft HTTP Protocol Stack. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
Added to KEV Apr 6, 2022 · Microsoft HTTP Protocol Stack
CVE-2021-20028Known ransomware usePatch now
SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.
Added to KEV Mar 28, 2022 · SonicWall Secure Remote Access (SRA)
CVE-2013-2729Patch this week
Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.
Added to KEV Mar 28, 2022 · Adobe Reader and Acrobat
CVE-2020-2021Known ransomware usePatch now
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.
Added to KEV Mar 25, 2022 · Palo Alto Networks PAN-OS
CVE-2018-0147Patch this week
Cisco Secure Access Control System Java Deserialization Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software.
Added to KEV Mar 25, 2022 · Cisco Secure Access Control System (ACS)
CVE-2018-0125Patch this week
Cisco VPN Routers Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system.
Added to KEV Mar 25, 2022 · Cisco VPN Routers
CVE-2017-3881Patch this week
Cisco IOS and IOS XE Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.
Added to KEV Mar 25, 2022 · Cisco IOS and IOS XE
CVE-2016-4171Patch this week
Adobe Flash Player Remote Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Unspecified vulnerability in Adobe Flash Player allows for remote code execution.
Added to KEV Mar 25, 2022 · Adobe Flash Player
CVE-2010-2861Known ransomware usePatch now
Adobe ColdFusion Directory Traversal Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.
Added to KEV Mar 25, 2022 · Adobe ColdFusion
CVE-2020-5135Patch this week
SonicWall SonicOS Buffer Overflow Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.
Added to KEV Mar 15, 2022 · SonicWall SonicOS
CVE-2013-0625Patch this week
Adobe ColdFusion Authentication Bypass Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.
Added to KEV Mar 7, 2022 · Adobe ColdFusion
CVE-2022-20708Patch this week
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Added to KEV Mar 3, 2022 · Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
CVE-2022-20703Patch this week
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Added to KEV Mar 3, 2022 · Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
CVE-2022-20701Patch this week
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Added to KEV Mar 3, 2022 · Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
CVE-2022-20700Patch this week
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Added to KEV Mar 3, 2022 · Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
CVE-2022-20699Patch this week
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Added to KEV Mar 3, 2022 · Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
CVE-2018-0151Patch this week
Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.
Added to KEV Mar 3, 2022 · Cisco IOS and IOS XE Software
CVE-2017-12240Patch this week
Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
The Dynamic Host Configuration Protocol (DHCP) relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system.
Added to KEV Mar 3, 2022 · Cisco IOS and IOS XE Software
CVE-2016-4117Patch this week
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2016-1019Known ransomware usePatch now
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2015-5119Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2015-3043Patch this week
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2013-3346Patch this week
Adobe Reader and Acrobat Memory Corruption Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2013-0632Patch this week
Adobe ColdFusion Authentication Bypass Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.
Added to KEV Mar 3, 2022 · Adobe ColdFusion
CVE-2011-1889Patch this week
Microsoft Forefront TMG Remote Code Execution Vulnerability
Affects anyone running Microsoft Forefront Threat Management Gateway (TMG). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.
Added to KEV Mar 3, 2022 · Microsoft Forefront Threat Management Gateway (TMG)
CVE-2022-24086Patch this week
Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability
Affects anyone running Adobe Commerce and Magento Open Source. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.
Added to KEV Feb 15, 2022 · Adobe Commerce and Magento Open Source
CVE-2015-1635Patch this week
Microsoft HTTP.sys Remote Code Execution Vulnerability
Affects anyone running Microsoft HTTP.sys. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.
Added to KEV Feb 10, 2022 · Microsoft HTTP.sys
CVE-2020-0796Known ransomware usePatch now
Microsoft SMBv3 Remote Code Execution Vulnerability
Affects anyone running Microsoft SMBv3. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.
Added to KEV Feb 10, 2022 · Microsoft SMBv3
CVE-2022-22587Patch this week
Apple Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges.
Added to KEV Jan 28, 2022 · Apple iOS and macOS
CVE-2021-20038Known ransomware usePatch now
SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.
Added to KEV Jan 28, 2022 · SonicWall SMA 100 Appliances
CVE-2014-1776Patch this week
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user.
Added to KEV Jan 28, 2022 · Microsoft Internet Explorer
CVE-2018-13382Known ransomware usePatch now
Fortinet FortiOS and FortiProxy Improper Authorization
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.
Added to KEV Jan 10, 2022 · Fortinet FortiOS and FortiProxy
CVE-2018-4939Patch this week
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.
Added to KEV Nov 3, 2021 · Adobe ColdFusion
CVE-2018-15961Patch this week
Adobe ColdFusion Unrestricted File Upload Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.
Added to KEV Nov 3, 2021 · Adobe ColdFusion
CVE-2021-1870Patch this week
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple iOS, iPadOS, and macOS
CVE-2021-1871Patch this week
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple iOS, iPadOS, and macOS
CVE-2021-1497Patch this week
Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user.
Added to KEV Nov 3, 2021 · Cisco HyperFlex HX
CVE-2021-1498Patch this week
Cisco HyperFlex HX Data Platform Command Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.
Added to KEV Nov 3, 2021 · Cisco HyperFlex HX
CVE-2020-3161Patch this week
Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition.
Added to KEV Nov 3, 2021 · Cisco IP Phones
CVE-2020-12812Known ransomware usePatch now
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.
Added to KEV Nov 3, 2021 · Fortinet FortiOS
CVE-2018-13379Known ransomware usePatch now
Fortinet FortiOS SSL VPN Path Traversal Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.
Added to KEV Nov 3, 2021 · Fortinet FortiOS
CVE-2020-16010Patch this week
Google Chrome for Android UI Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.
Added to KEV Nov 3, 2021 · Google Chrome for Android UI
CVE-2020-15999Patch this week
Google Chrome FreeType Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.
Added to KEV Nov 3, 2021 · Google Chrome FreeType
CVE-2020-16017Patch this week
Google Chrome Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.
Added to KEV Nov 3, 2021 · Google Chrome
CVE-2021-30633Patch this week
Google Chromium Indexed DB API Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium Indexed DB API
CVE-2021-37973Patch this week
Google Chromium Portals Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.
Added to KEV Nov 3, 2021 · Google Chromium Portals
CVE-2020-15505Patch this week
Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.
Added to KEV Nov 3, 2021 · Ivanti MobileIron Multiple Products
CVE-2021-38647Known ransomware usePatch now
Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
Affects anyone running Microsoft Open Management Infrastructure (OMI). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Open Management Infrastructure (OMI)
CVE-2021-34523Known ransomware usePatch now
Microsoft Exchange Server Privilege Escalation Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Exchange Server
CVE-2017-7269Patch this week
Microsoft Windows Server Buffer Overflow Vulnerability
Affects anyone running Microsoft Internet Information Services (IIS). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If: <http://" in a PROPFIND request.
Added to KEV Nov 3, 2021 · Microsoft Internet Information Services (IIS)
CVE-2019-0708Known ransomware usePatch now
Microsoft Remote Desktop Services Remote Code Execution Vulnerability
Affects anyone running Microsoft Remote Desktop Services. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.
Added to KEV Nov 3, 2021 · Microsoft Remote Desktop Services
CVE-2021-34473Known ransomware usePatch now
Microsoft Exchange Server Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Exchange Server
CVE-2020-1040Patch this week
Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
Affects anyone running Microsoft Hyper-V RemoteFX. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. Successful exploitation allows for remote code execution on the host operating system.
Added to KEV Nov 3, 2021 · Microsoft Hyper-V RemoteFX
CVE-2020-1350Patch this week
Microsoft Windows DNS Server Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2021-26855Known ransomware usePatch now
Microsoft Exchange Server Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Added to KEV Nov 3, 2021 · Microsoft Exchange Server
CVE-2019-0604Known ransomware usePatch now
Microsoft SharePoint Remote Code Execution Vulnerability
Affects anyone running Microsoft SharePoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint application pool and the SharePoint server farm account.
Added to KEV Nov 3, 2021 · Microsoft SharePoint
CVE-2020-0646Patch this week
Microsoft .NET Framework Remote Code Execution Vulnerability
Affects anyone running Microsoft .NET Framework. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution.
Added to KEV Nov 3, 2021 · Microsoft .NET Framework
CVE-2021-22893Known ransomware usePatch now
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2019-11510Known ransomware usePatch now
Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2021-20021Known ransomware usePatch now
SonicWall Email Security Improper Privilege Management Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.
Added to KEV Nov 3, 2021 · SonicWall Email Security
CVE-2018-0171Patch this week
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device.
Added to KEV Nov 3, 2021 · Cisco IOS and IOS XE
CVE-2021-20016Known ransomware usePatch now
SonicWall SSLVPN SMA100 SQL Injection Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.
Added to KEV Nov 3, 2021 · SonicWall SSLVPN SMA100

KEV topic

Critical-severity KEV entries (CVSS 9.0+)

Updated 17 hours ago. 155 entries in this topic. All SMB-relevant entries.

CVE-2026-34910Patch this week
Ubiquiti UniFi OS Improper Input Validation Vulnerability
Affects anyone running Ubiquiti UniFi networking gear (access points, switches, security gateways, NVRs). The gear carries internal network traffic and often hosts video surveillance — exploitation can expose network traffic or grant management access to the network itself.
Ubiquiti UniFi OS contains an improper input validation vulnerability which could allow a malicious actor with access to the network to conduct command injection.
Added to KEV Jun 23, 2026 · Ubiquiti UniFi OS
CVE-2026-34909Patch this week
Ubiquiti UniFi OS Path Traversal Vulnerability
Affects anyone running Ubiquiti UniFi networking gear (access points, switches, security gateways, NVRs). The gear carries internal network traffic and often hosts video surveillance — exploitation can expose network traffic or grant management access to the network itself.
Ubiquiti UniFi OS contains a path traversal vulnerability which could allow a malicious actor with access to the network to access files on the underlying system that could be manipulated to access an underlying account.
Added to KEV Jun 23, 2026 · Ubiquiti UniFi OS
CVE-2026-34908Patch this week
Ubiquiti UniFi OS Improper Access Control Vulnerability
Affects anyone running Ubiquiti UniFi networking gear (access points, switches, security gateways, NVRs). The gear carries internal network traffic and often hosts video surveillance — exploitation can expose network traffic or grant management access to the network itself.
Ubiquiti UniFi OS contains an improper access control vulnerability which could allow a malicious actor with access to the network to make unauthorized changes to the system.
Added to KEV Jun 23, 2026 · Ubiquiti UniFi OS
CVE-2026-10520Patch this week
Ivanti Sentry OS Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.
Added to KEV Jun 11, 2026 · Ivanti Sentry
CVE-2026-0257Patch this week
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability that allows attackers to bypass security restrictions and establish an unauthorized VPN connection.
Added to KEV May 29, 2026 · Palo Alto Networks PAN-OS
CVE-2008-4250Patch this week
Microsoft Windows Buffer Overflow Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.
Added to KEV May 20, 2026 · Microsoft Windows
CVE-2026-20182Patch this week
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system.
Added to KEV May 14, 2026 · Cisco Catalyst SD-WAN
CVE-2026-0300Patch this week
Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.
Added to KEV May 6, 2026 · Palo Alto Networks PAN-OS
CVE-2026-21643Patch this week
Fortinet FortiClient EMS SQL Injection Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests.
Added to KEV Apr 13, 2026 · Fortinet FortiClient EMS
CVE-2026-1340Patch this week
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
Added to KEV Apr 8, 2026 · Ivanti Endpoint Manager Mobile (EPMM)
CVE-2026-35616Patch this week
Fortinet FortiClient EMS Improper Access Control Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Added to KEV Apr 6, 2026 · Fortinet FortiClient EMS
CVE-2026-20131Known ransomware usePatch now
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.
Added to KEV Mar 19, 2026 · Cisco Secure Firewall Management Center (FMC)
CVE-2026-20963Patch this week
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Affects anyone running Microsoft SharePoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network.
Added to KEV Mar 18, 2026 · Microsoft SharePoint
CVE-2026-20127Patch this week
Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric.
Added to KEV Feb 25, 2026 · Cisco Catalyst SD-WAN Controller and Manager
CVE-2024-43468Patch this week
Microsoft Configuration Manager SQL Injection Vulnerability
Affects anyone running Microsoft Configuration Manager. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database.
Added to KEV Feb 12, 2026 · Microsoft Configuration Manager
CVE-2026-1281Patch this week
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
Added to KEV Jan 29, 2026 · Ivanti Endpoint Manager Mobile (EPMM)
CVE-2026-24858Patch this week
Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices.
Added to KEV Jan 27, 2026 · Fortinet Multiple Products
CVE-2025-20393Patch this week
Cisco Multiple Products Improper Input Validation Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contains an improper input validation vulnerability that allows threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance.
Added to KEV Dec 17, 2025 · Cisco Multiple Products
CVE-2025-59718Patch this week
Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message. Please be aware that CVE-2025-59719 pertains to the same problem and is mentioned in the same vendor advisory. Ensure to apply all patches mentioned in the advisory.
Added to KEV Dec 16, 2025 · Fortinet Multiple Products
CVE-2025-64446Patch this week
Fortinet FortiWeb Path Traversal Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests.
Added to KEV Nov 14, 2025 · Fortinet FortiWeb
CVE-2025-54236Patch this week
Adobe Commerce and Magento Improper Input Validation Vulnerability
Affects anyone running Adobe Commerce and Magento. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API.
Added to KEV Oct 24, 2025 · Adobe Commerce and Magento
CVE-2025-59287Patch this week
Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution.
Added to KEV Oct 24, 2025 · Microsoft Windows
CVE-2025-54253Patch this week
Adobe Experience Manager Forms Code Execution Vulnerability
Affects anyone running Adobe Experience Manager (AEM) Forms. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution.
Added to KEV Oct 15, 2025 · Adobe Experience Manager (AEM) Forms
CVE-2025-20333Patch this week
Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a buffer overflow vulnerability that allows for remote code execution. This vulnerability could be chained with CVE-2025-20362.
Added to KEV Sep 25, 2025 · Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense
CVE-2025-10585Patch this week
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine.
Added to KEV Sep 23, 2025 · Google Chromium V8
CVE-2025-43300Patch this week
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
Added to KEV Aug 21, 2025 · Apple iOS, iPadOS, and macOS
CVE-2025-20337Patch this week
Cisco Identity Services Engine Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device.
Added to KEV Jul 28, 2025 · Cisco Identity Services Engine
CVE-2025-20281Patch this week
Cisco Identity Services Engine Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device.
Added to KEV Jul 28, 2025 · Cisco Identity Services Engine
CVE-2025-53770Known ransomware usePatch now
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Affects anyone running Microsoft SharePoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.
Added to KEV Jul 20, 2025 · Microsoft SharePoint
CVE-2025-25257Patch this week
Fortinet FortiWeb SQL Injection Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPs requests.
Added to KEV Jul 18, 2025 · Fortinet FortiWeb
CVE-2025-32756Patch this week
Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.
Added to KEV May 14, 2025 · Fortinet Multiple Products
CVE-2025-31201Patch this week
Apple Multiple Products Arbitrary Read and Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication.
Added to KEV Apr 17, 2025 · Apple Multiple Products
CVE-2025-31200Patch this week
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file.
Added to KEV Apr 17, 2025 · Apple Multiple Products
CVE-2025-22457Known ransomware usePatch now
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution.
Added to KEV Apr 4, 2025 · Ivanti Connect Secure, Policy Secure, and ZTA Gateways
CVE-2024-20439Patch this week
Cisco Smart Licensing Utility Static Credential Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials.
Added to KEV Mar 31, 2025 · Cisco Smart Licensing Utility
CVE-2025-24201Patch this week
Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Mar 13, 2025 · Apple Multiple Products
CVE-2024-13161Patch this week
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Added to KEV Mar 10, 2025 · Ivanti Endpoint Manager (EPM)
CVE-2024-13160Patch this week
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Added to KEV Mar 10, 2025 · Ivanti Endpoint Manager (EPM)
CVE-2024-13159Patch this week
Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information.
Added to KEV Mar 10, 2025 · Ivanti Endpoint Manager (EPM)
CVE-2017-3066Patch this week
Adobe ColdFusion Deserialization Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.
Added to KEV Feb 24, 2025 · Adobe ColdFusion
CVE-2025-0108Patch this week
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts.
Added to KEV Feb 18, 2025 · Palo Alto Networks PAN-OS
CVE-2024-53704Known ransomware usePatch now
SonicWall SonicOS SSLVPN Improper Authentication Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.
Added to KEV Feb 18, 2025 · SonicWall SonicOS
CVE-2024-21413Patch this week
Microsoft Outlook Improper Input Validation Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode.
Added to KEV Feb 6, 2025 · Microsoft Office Outlook
CVE-2025-24085Patch this week
Apple Multiple Products Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.
Added to KEV Jan 29, 2025 · Apple Multiple Products
CVE-2025-23006Known ransomware usePatch now
SonicWall SMA1000 Appliances Deserialization Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.
Added to KEV Jan 24, 2025 · SonicWall SMA1000 Appliances
CVE-2024-55591Known ransomware usePatch now
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
Added to KEV Jan 14, 2025 · Fortinet FortiOS and FortiProxy
CVE-2025-0282Known ransomware usePatch now
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.
Added to KEV Jan 8, 2025 · Ivanti Connect Secure, Policy Secure, and ZTA Gateways
CVE-2024-0012Known ransomware usePatch now
Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.
Added to KEV Nov 18, 2024 · Palo Alto Networks PAN-OS
CVE-2024-9465Patch this week
Palo Alto Networks Expedition SQL Injection Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system.
Added to KEV Nov 14, 2024 · Palo Alto Networks Expedition
CVE-2024-5910Patch this week
Palo Alto Networks Expedition Missing Authentication Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to takeover an Expedition admin account and potentially access configuration secrets, credentials, and other data.
Added to KEV Nov 7, 2024 · Palo Alto Networks Expedition
CVE-2024-47575Patch this week
Fortinet FortiManager Missing Authentication Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
Added to KEV Oct 23, 2024 · Fortinet FortiManager
CVE-2024-23113Patch this week
Fortinet Multiple Products Format String Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests.
Added to KEV Oct 9, 2024 · Fortinet Multiple Products
CVE-2024-7593Patch this week
Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account.
Added to KEV Sep 24, 2024 · Ivanti Virtual Traffic Manager
CVE-2024-8963Patch this week
Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance.
Added to KEV Sep 19, 2024 · Ivanti Cloud Services Appliance (CSA)
CVE-2014-0497Patch this week
Adobe Flash Player Integer Underflow Vulnerablity
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.
Added to KEV Sep 17, 2024 · Adobe Flash Player
CVE-2024-40766Known ransomware usePatch now
SonicWall SonicOS Improper Access Control Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
Added to KEV Sep 9, 2024 · SonicWall SonicOS
CVE-2024-7971Patch this week
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Aug 26, 2024 · Google Chromium V8
CVE-2024-34102Patch this week
Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability
Affects anyone running Adobe Commerce and Magento Open Source. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.
Added to KEV Jul 17, 2024 · Adobe Commerce and Magento Open Source
CVE-2024-5274Patch this week
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV May 28, 2024 · Google Chromium V8
CVE-2024-4947Patch this week
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page.
Added to KEV May 20, 2024 · Google Chromium V8
CVE-2024-4671Patch this week
Google Chromium Visuals Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV May 13, 2024 · Google Chromium
CVE-2024-3400Known ransomware usePatch now
Palo Alto Networks PAN-OS Command Injection Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.
Added to KEV Apr 12, 2024 · Palo Alto Networks PAN-OS
CVE-2021-44529Known ransomware usePatch now
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).
Added to KEV Mar 25, 2024 · Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA)
CVE-2023-48788Known ransomware usePatch now
Fortinet FortiClient EMS SQL Injection Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
Added to KEV Mar 25, 2024 · Fortinet FortiClient EMS
CVE-2024-21410Patch this week
Microsoft Exchange Server Privilege Escalation Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Feb 15, 2024 · Microsoft Exchange Server
CVE-2024-21762Known ransomware usePatch now
Fortinet FortiOS Out-of-Bound Write Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.
Added to KEV Feb 9, 2024 · Fortinet FortiOS
CVE-2023-35082Known ransomware usePatch now
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.
Added to KEV Jan 18, 2024 · Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core
CVE-2023-29357Known ransomware usePatch now
Microsoft SharePoint Server Privilege Escalation Vulnerability
Affects anyone running Microsoft SharePoint Server. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.
Added to KEV Jan 10, 2024 · Microsoft SharePoint Server
CVE-2024-21887Known ransomware usePatch now
Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authenticated bypass issue.
Added to KEV Jan 10, 2024 · Ivanti Connect Secure and Policy Secure
CVE-2023-29300Known ransomware usePatch now
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
Added to KEV Jan 8, 2024 · Adobe ColdFusion
CVE-2023-38203Known ransomware usePatch now
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
Added to KEV Jan 8, 2024 · Adobe ColdFusion
CVE-2023-6345Patch this week
Google Skia Integer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
Added to KEV Nov 30, 2023 · Google Chromium Skia
CVE-2023-20198Patch this week
Cisco IOS XE Web UI Privilege Escalation Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device.
Added to KEV Oct 16, 2023 · Cisco IOS XE Web UI
CVE-2023-38035Known ransomware usePatch now
Ivanti Sentry Authentication Bypass Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Added to KEV Aug 22, 2023 · Ivanti Sentry
CVE-2023-26359Patch this week
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user.
Added to KEV Aug 21, 2023 · Adobe ColdFusion
CVE-2023-35078Known ransomware usePatch now
Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.
Added to KEV Jul 25, 2023 · Ivanti Endpoint Manager Mobile (EPMM)
CVE-2023-27997Known ransomware usePatch now
Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.
Added to KEV Jun 13, 2023 · Fortinet FortiOS and FortiProxy SSL-VPN
CVE-2023-2136Patch this week
Google Chrome Skia Integer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
Added to KEV Apr 21, 2023 · Google Chromium Skia
CVE-2023-23397Patch this week
Microsoft Office Outlook Privilege Escalation Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
Added to KEV Mar 14, 2023 · Microsoft Office
CVE-2022-42475Known ransomware usePatch now
Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.
Added to KEV Dec 13, 2022 · Fortinet FortiOS
CVE-2022-4135Patch this week
Google Chromium GPU Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 28, 2022 · Google Chromium GPU
CVE-2022-40684Known ransomware usePatch now
Fortinet Multiple Products Authentication Bypass Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Added to KEV Oct 11, 2022 · Fortinet Multiple Products
CVE-2022-3075Patch this week
Google Chromium Mojo Insufficient Data Validation Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Sep 8, 2022 · Google Chromium Mojo
CVE-2017-15944Patch this week
Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains multiple, unspecified vulnerabilities which can allow for remote code execution when chained.
Added to KEV Aug 18, 2022 · Palo Alto Networks PAN-OS
CVE-2011-2462Patch this week
Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Reader and Acrobat
CVE-2014-0546Patch this week
Adobe Reader and Acrobat Sandbox Bypass Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context.
Added to KEV May 25, 2022 · Adobe Reader and Acrobat
CVE-2017-8543Patch this week
Microsoft Windows Search Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory.
Added to KEV May 24, 2022 · Microsoft Windows
CVE-2010-5330Patch this week
Ubiquiti AirOS Command Injection Vulnerability
Affects anyone running Ubiquiti UniFi networking gear (access points, switches, security gateways, NVRs). The gear carries internal network traffic and often hosts video surveillance — exploitation can expose network traffic or grant management access to the network itself.
Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.
Added to KEV Apr 15, 2022 · Ubiquiti AirOS
CVE-2015-5123Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-5122Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-0313Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-0311Patch this week
Adobe Flash Player Remote Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-3113Patch this week
Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2021-31166Patch this week
Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability
Affects anyone running Microsoft HTTP Protocol Stack. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
Added to KEV Apr 6, 2022 · Microsoft HTTP Protocol Stack
CVE-2021-20028Known ransomware usePatch now
SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.
Added to KEV Mar 28, 2022 · SonicWall Secure Remote Access (SRA)
CVE-2013-2729Patch this week
Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.
Added to KEV Mar 28, 2022 · Adobe Reader and Acrobat
CVE-2020-2021Known ransomware usePatch now
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.
Added to KEV Mar 25, 2022 · Palo Alto Networks PAN-OS
CVE-2018-0147Patch this week
Cisco Secure Access Control System Java Deserialization Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software.
Added to KEV Mar 25, 2022 · Cisco Secure Access Control System (ACS)
CVE-2018-0125Patch this week
Cisco VPN Routers Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system.
Added to KEV Mar 25, 2022 · Cisco VPN Routers
CVE-2017-3881Patch this week
Cisco IOS and IOS XE Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.
Added to KEV Mar 25, 2022 · Cisco IOS and IOS XE
CVE-2016-4171Patch this week
Adobe Flash Player Remote Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Unspecified vulnerability in Adobe Flash Player allows for remote code execution.
Added to KEV Mar 25, 2022 · Adobe Flash Player
CVE-2010-2861Known ransomware usePatch now
Adobe ColdFusion Directory Traversal Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.
Added to KEV Mar 25, 2022 · Adobe ColdFusion
CVE-2020-5135Patch this week
SonicWall SonicOS Buffer Overflow Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.
Added to KEV Mar 15, 2022 · SonicWall SonicOS
CVE-2013-0625Patch this week
Adobe ColdFusion Authentication Bypass Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.
Added to KEV Mar 7, 2022 · Adobe ColdFusion
CVE-2022-20708Patch this week
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Added to KEV Mar 3, 2022 · Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
CVE-2022-20703Patch this week
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Added to KEV Mar 3, 2022 · Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
CVE-2022-20701Patch this week
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Added to KEV Mar 3, 2022 · Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
CVE-2022-20700Patch this week
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Added to KEV Mar 3, 2022 · Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
CVE-2022-20699Patch this week
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Added to KEV Mar 3, 2022 · Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
CVE-2018-0151Patch this week
Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.
Added to KEV Mar 3, 2022 · Cisco IOS and IOS XE Software
CVE-2017-12240Patch this week
Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
The Dynamic Host Configuration Protocol (DHCP) relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system.
Added to KEV Mar 3, 2022 · Cisco IOS and IOS XE Software
CVE-2016-4117Patch this week
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2016-1019Known ransomware usePatch now
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2015-5119Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2015-3043Patch this week
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2013-3346Patch this week
Adobe Reader and Acrobat Memory Corruption Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2013-0632Patch this week
Adobe ColdFusion Authentication Bypass Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.
Added to KEV Mar 3, 2022 · Adobe ColdFusion
CVE-2011-1889Patch this week
Microsoft Forefront TMG Remote Code Execution Vulnerability
Affects anyone running Microsoft Forefront Threat Management Gateway (TMG). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.
Added to KEV Mar 3, 2022 · Microsoft Forefront Threat Management Gateway (TMG)
CVE-2022-24086Patch this week
Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability
Affects anyone running Adobe Commerce and Magento Open Source. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.
Added to KEV Feb 15, 2022 · Adobe Commerce and Magento Open Source
CVE-2015-1635Patch this week
Microsoft HTTP.sys Remote Code Execution Vulnerability
Affects anyone running Microsoft HTTP.sys. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.
Added to KEV Feb 10, 2022 · Microsoft HTTP.sys
CVE-2020-0796Known ransomware usePatch now
Microsoft SMBv3 Remote Code Execution Vulnerability
Affects anyone running Microsoft SMBv3. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.
Added to KEV Feb 10, 2022 · Microsoft SMBv3
CVE-2022-22587Patch this week
Apple Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges.
Added to KEV Jan 28, 2022 · Apple iOS and macOS
CVE-2021-20038Known ransomware usePatch now
SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.
Added to KEV Jan 28, 2022 · SonicWall SMA 100 Appliances
CVE-2014-1776Patch this week
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user.
Added to KEV Jan 28, 2022 · Microsoft Internet Explorer
CVE-2018-13382Known ransomware usePatch now
Fortinet FortiOS and FortiProxy Improper Authorization
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password.
Added to KEV Jan 10, 2022 · Fortinet FortiOS and FortiProxy
CVE-2018-4939Patch this week
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.
Added to KEV Nov 3, 2021 · Adobe ColdFusion
CVE-2018-15961Patch this week
Adobe ColdFusion Unrestricted File Upload Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.
Added to KEV Nov 3, 2021 · Adobe ColdFusion
CVE-2021-1870Patch this week
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple iOS, iPadOS, and macOS
CVE-2021-1871Patch this week
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple iOS, iPadOS, and macOS
CVE-2021-1497Patch this week
Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user.
Added to KEV Nov 3, 2021 · Cisco HyperFlex HX
CVE-2021-1498Patch this week
Cisco HyperFlex HX Data Platform Command Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.
Added to KEV Nov 3, 2021 · Cisco HyperFlex HX
CVE-2020-3161Patch this week
Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition.
Added to KEV Nov 3, 2021 · Cisco IP Phones
CVE-2020-12812Known ransomware usePatch now
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.
Added to KEV Nov 3, 2021 · Fortinet FortiOS
CVE-2018-13379Known ransomware usePatch now
Fortinet FortiOS SSL VPN Path Traversal Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.
Added to KEV Nov 3, 2021 · Fortinet FortiOS
CVE-2020-16010Patch this week
Google Chrome for Android UI Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.
Added to KEV Nov 3, 2021 · Google Chrome for Android UI
CVE-2020-15999Patch this week
Google Chrome FreeType Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.
Added to KEV Nov 3, 2021 · Google Chrome FreeType
CVE-2020-16017Patch this week
Google Chrome Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.
Added to KEV Nov 3, 2021 · Google Chrome
CVE-2021-30633Patch this week
Google Chromium Indexed DB API Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium Indexed DB API
CVE-2021-37973Patch this week
Google Chromium Portals Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.
Added to KEV Nov 3, 2021 · Google Chromium Portals
CVE-2020-15505Patch this week
Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.
Added to KEV Nov 3, 2021 · Ivanti MobileIron Multiple Products
CVE-2021-38647Known ransomware usePatch now
Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
Affects anyone running Microsoft Open Management Infrastructure (OMI). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Open Management Infrastructure (OMI)
CVE-2021-34523Known ransomware usePatch now
Microsoft Exchange Server Privilege Escalation Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Exchange Server
CVE-2017-7269Patch this week
Microsoft Windows Server Buffer Overflow Vulnerability
Affects anyone running Microsoft Internet Information Services (IIS). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with "If: <http://" in a PROPFIND request.
Added to KEV Nov 3, 2021 · Microsoft Internet Information Services (IIS)
CVE-2019-0708Known ransomware usePatch now
Microsoft Remote Desktop Services Remote Code Execution Vulnerability
Affects anyone running Microsoft Remote Desktop Services. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.
Added to KEV Nov 3, 2021 · Microsoft Remote Desktop Services
CVE-2021-34473Known ransomware usePatch now
Microsoft Exchange Server Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Exchange Server
CVE-2020-1040Patch this week
Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability
Affects anyone running Microsoft Hyper-V RemoteFX. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. Successful exploitation allows for remote code execution on the host operating system.
Added to KEV Nov 3, 2021 · Microsoft Hyper-V RemoteFX
CVE-2020-1350Patch this week
Microsoft Windows DNS Server Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2021-26855Known ransomware usePatch now
Microsoft Exchange Server Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Added to KEV Nov 3, 2021 · Microsoft Exchange Server
CVE-2019-0604Known ransomware usePatch now
Microsoft SharePoint Remote Code Execution Vulnerability
Affects anyone running Microsoft SharePoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint application pool and the SharePoint server farm account.
Added to KEV Nov 3, 2021 · Microsoft SharePoint
CVE-2020-0646Patch this week
Microsoft .NET Framework Remote Code Execution Vulnerability
Affects anyone running Microsoft .NET Framework. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution.
Added to KEV Nov 3, 2021 · Microsoft .NET Framework
CVE-2021-22893Known ransomware usePatch now
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2019-11510Known ransomware usePatch now
Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2021-20021Known ransomware usePatch now
SonicWall Email Security Improper Privilege Management Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.
Added to KEV Nov 3, 2021 · SonicWall Email Security
CVE-2018-0171Patch this week
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device.
Added to KEV Nov 3, 2021 · Cisco IOS and IOS XE
CVE-2021-20016Known ransomware usePatch now
SonicWall SSLVPN SMA100 SQL Injection Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.
Added to KEV Nov 3, 2021 · SonicWall SSLVPN SMA100