KEV topic

High-severity KEV entries (CVSS 7.0–8.9)

KEV entries with a CVSS v3 base score between 7.0 and 8.9 — the HIGH band per the CVSS specification, meaning serious impact across confidentiality, integrity, or availability with exploitation that's still tractable for motivated attackers. Treat as patch-this-month items; the CRITICAL band (separate page) gets patch-this-week urgency. Updated daily from the CISA KEV catalog.

Updated 17 hours ago. 554 entries in this topic. All SMB-relevant entries.

CVE-2026-11645Plan to patch
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 9, 2026 · Google Chromium V8
CVE-2026-20245Patch this week
Cisco Catalyst SD-WAN Manager Improper Encoding or Escaping of Output Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Catalyst SD-WAN Manager formerly SD-WAN vManage contains an improper encoding or escaping of output vulnerability. This vulnerability could allow an authenticated, local attacker to execute arbitrary commands as root by supplying a crafted file to the affected system.
Added to KEV Jun 9, 2026 · Cisco Catalyst SD-WAN Manager
CVE-2009-1537Plan to patch
Microsoft DirectX NULL Byte Overwrite Vulnerability
Affects anyone running Microsoft DirectX. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file.
Added to KEV May 20, 2026 · Microsoft DirectX
CVE-2009-3459Plan to patch
Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption.
Added to KEV May 20, 2026 · Adobe Acrobat and Reader
CVE-2010-0249Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added to KEV May 20, 2026 · Microsoft Internet Explorer
CVE-2010-0806Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added to KEV May 20, 2026 · Microsoft Internet Explorer
CVE-2026-41091Plan to patch
Microsoft Defender Link Following Vulnerability
Affects anyone running Microsoft Defender. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally.
Added to KEV May 20, 2026 · Microsoft Defender
CVE-2026-42897Plan to patch
Microsoft Exchange Server Cross-Site Scripting Vulnerability
Affects anyone running Microsoft. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context.
Added to KEV May 15, 2026 · Microsoft
CVE-2026-6973Patch this week
Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution.
Added to KEV May 7, 2026 · Ivanti Endpoint Manager Mobile (EPMM)
CVE-2026-33825Plan to patch
Microsoft Defender Insufficient Granularity of Access Control Vulnerability
Affects anyone running Microsoft Defender. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally.
Added to KEV Apr 22, 2026 · Microsoft Defender
CVE-2026-20128Patch this week
Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user.
Added to KEV Apr 20, 2026 · Cisco Catalyst SD-WAN Manager
CVE-2009-0238Plan to patch
Microsoft Office Remote Code Execution
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.
Added to KEV Apr 14, 2026 · Microsoft Office
CVE-2012-1854Plan to patch
Microsoft Visual Basic for Applications Insecure Library Loading Vulnerability
Affects anyone running Microsoft Visual Basic for Applications (VBA). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution.
Added to KEV Apr 13, 2026 · Microsoft Visual Basic for Applications (VBA)
CVE-2025-60710Plan to patch
Microsoft Windows Link Following Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows contains a link following vulnerability that allows for privilege escalation
Added to KEV Apr 13, 2026 · Microsoft Windows
CVE-2023-21529Known ransomware usePatch now
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.
Added to KEV Apr 13, 2026 · Microsoft Exchange Server
CVE-2023-36424Plan to patch
Microsoft Windows Out-of-Bounds Read Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation
Added to KEV Apr 13, 2026 · Microsoft Windows
CVE-2020-9715Plan to patch
Adobe Acrobat Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat contains a use-after-free vulnerability that allows for code execution
Added to KEV Apr 13, 2026 · Adobe Acrobat
CVE-2026-34621Plan to patch
Adobe Acrobat and Reader Prototype Pollution Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain a prototype pollution vulnerability that allows for arbitrary code execution.
Added to KEV Apr 13, 2026 · Adobe Acrobat and Reader
CVE-2026-5281Plan to patch
Google Dawn Use-After-Free Vulnerability
Affects anyone running Google Dawn. Google products typically sit at the identity or browsing layer — exploitation usually affects access to cloud services and stored sessions.
Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Apr 1, 2026 · Google Dawn
CVE-2025-43510Plan to patch
Apple Multiple Products Improper Locking Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes.
Added to KEV Mar 20, 2026 · Apple Multiple Products
CVE-2025-31277Plan to patch
Apple Multiple Products Buffer Overflow Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption.
Added to KEV Mar 20, 2026 · Apple Multiple Products
CVE-2026-3910Plan to patch
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Mar 13, 2026 · Google Chromium V8
CVE-2026-3909Plan to patch
Google Skia Out-of-Bounds Write Vulnerability
Affects anyone running Google Skia. Google products typically sit at the identity or browsing layer — exploitation usually affects access to cloud services and stored sessions.
Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
Added to KEV Mar 13, 2026 · Google Skia
CVE-2026-1603Patch this week
Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data.
Added to KEV Mar 9, 2026 · Ivanti Endpoint Manager (EPM)
CVE-2023-43000Plan to patch
Apple Multiple products Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption.
Added to KEV Mar 5, 2026 · Apple Multiple Products
CVE-2021-30952Plan to patch
Apple Multiple Products Integer Overflow or Wraparound Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution.
Added to KEV Mar 5, 2026 · Apple Multiple Products
CVE-2023-41974Plan to patch
Apple iOS and iPadOS Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.
Added to KEV Mar 5, 2026 · Apple iOS and iPadOS
CVE-2022-20775Patch this week
Cisco SD-WAN Path Traversal Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user.
Added to KEV Feb 25, 2026 · Cisco SD-WAN
CVE-2008-0015Plan to patch
Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
Added to KEV Feb 17, 2026 · Microsoft Windows
CVE-2026-2441Plan to patch
Google Chromium CSS Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Feb 17, 2026 · Google Chromium
CVE-2026-20700Plan to patch
Apple Multiple Buffer Overflow Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code.
Added to KEV Feb 12, 2026 · Apple Multiple Products
CVE-2026-21513Plan to patch
Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
Added to KEV Feb 10, 2026 · Microsoft Windows
CVE-2026-21510Plan to patch
Microsoft Windows Shell Protection Mechanism Failure Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.
Added to KEV Feb 10, 2026 · Microsoft Windows
CVE-2026-21533Plan to patch
Microsoft Windows Improper Privilege Management Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally.
Added to KEV Feb 10, 2026 · Microsoft Windows
CVE-2026-21519Plan to patch
Microsoft Windows Type Confusion Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally.
Added to KEV Feb 10, 2026 · Microsoft Windows
CVE-2026-21514Plan to patch
Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally.
Added to KEV Feb 10, 2026 · Microsoft Office
CVE-2026-21509Plan to patch
Microsoft Office Security Feature Bypass Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally. Some of the impacted product(s) could be end-of-life (EoL) and/or end-of-service (EoS). Users are advised to discontinue use and/or transition to a supported version.
Added to KEV Jan 26, 2026 · Microsoft Office
CVE-2026-20045Patch this week
Cisco Unified Communications Products Code Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance contain a code injection vulnerability that could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.
Added to KEV Jan 21, 2026 · Cisco Unified Communications Manager
CVE-2009-0556Plan to patch
Microsoft Office PowerPoint Code Injection Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption.
Added to KEV Jan 7, 2026 · Microsoft Office
CVE-2025-43529Plan to patch
Apple Multiple Products Use-After-Free WebKit Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Dec 15, 2025 · Apple Multiple Products
CVE-2025-14174Plan to patch
Google Chromium Out of Bounds Memory Access Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Dec 12, 2025 · Google Chromium
CVE-2025-62221Plan to patch
Microsoft Windows Use After Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.
Added to KEV Dec 9, 2025 · Microsoft Windows
CVE-2025-13223Plan to patch
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption.
Added to KEV Nov 19, 2025 · Google Chromium V8
CVE-2025-58034Patch this week
Fortinet FortiWeb OS Command Injection Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
Added to KEV Nov 18, 2025 · Fortinet FortiWeb
CVE-2025-62215Plan to patch
Microsoft Windows Race Condition Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vulnerability could enable the attacker to gain SYSTEM-level access.
Added to KEV Nov 12, 2025 · Microsoft Windows
CVE-2022-48503Plan to patch
Apple Multiple Products Unspecified Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added to KEV Oct 20, 2025 · Apple Multiple Products
CVE-2025-33073Plan to patch
Microsoft Windows SMB Client Improper Access Control Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate.
Added to KEV Oct 20, 2025 · Microsoft Windows
CVE-2025-24990Plan to patch
Microsoft Windows Untrusted Pointer Dereference Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vulnerability could gain administrator privileges.
Added to KEV Oct 14, 2025 · Microsoft Windows
CVE-2025-59230Plan to patch
Microsoft Windows Improper Access Control Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally.
Added to KEV Oct 14, 2025 · Microsoft Windows
CVE-2010-3962Plan to patch
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added to KEV Oct 6, 2025 · Microsoft Internet Explorer
CVE-2021-43226Plan to patch
Microsoft Windows Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms.
Added to KEV Oct 6, 2025 · Microsoft Windows
CVE-2013-3918Plan to patch
Microsoft Windows Out-of-Bounds Write Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added to KEV Oct 6, 2025 · Microsoft Windows
CVE-2011-3402Plan to patch
Microsoft Windows Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page.
Added to KEV Oct 6, 2025 · Microsoft Windows
CVE-2025-20352Patch this week
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS and IOS XE contains a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remote code execution. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system.
Added to KEV Sep 29, 2025 · Cisco IOS and IOS XE
CVE-2007-0671Plan to patch
Microsoft Office Excel Remote Code Execution Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. An attacker could leverage this vulnerability by creating a specially crafted Excel file, which, when opened, allowing an attacker to execute remote code on the affected system.
Added to KEV Aug 12, 2025 · Microsoft Office
CVE-2013-3893Plan to patch
Microsoft Internet Explorer Resource Management Errors Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added to KEV Aug 12, 2025 · Microsoft Internet Explorer
CVE-2025-6558Plan to patch
Google Chromium ANGLE and GPU Improper Input Validation Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jul 22, 2025 · Google Chromium
CVE-2025-49704Known ransomware usePatch now
Microsoft SharePoint Code Injection Vulnerability
Affects anyone running Microsoft SharePoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.
Added to KEV Jul 22, 2025 · Microsoft SharePoint
CVE-2025-6554Plan to patch
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jul 2, 2025 · Google Chromium V8
CVE-2025-33053Plan to patch
Microsoft Windows External Control of File Name or Path Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files.
Added to KEV Jun 10, 2025 · Microsoft Windows
CVE-2025-5419Plan to patch
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 5, 2025 · Google Chromium V8
CVE-2025-4428Patch this week
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library, as represented by CVE-2025-35036.
Added to KEV May 19, 2025 · Ivanti Endpoint Manager Mobile (EPMM)
CVE-2025-32709Plan to patch
Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator.
Added to KEV May 13, 2025 · Microsoft Windows
CVE-2025-30397Plan to patch
Microsoft Windows Scripting Engine Type Confusion Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL.
Added to KEV May 13, 2025 · Microsoft Windows
CVE-2025-32706Plan to patch
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally.
Added to KEV May 13, 2025 · Microsoft Windows
CVE-2025-32701Plan to patch
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
Added to KEV May 13, 2025 · Microsoft Windows
CVE-2025-30400Plan to patch
Microsoft Windows DWM Core Library Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
Added to KEV May 13, 2025 · Microsoft Windows
CVE-2023-44221Patch this week
SonicWall SMA100 Appliances OS Command Injection Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user.
Added to KEV May 1, 2025 · SonicWall SMA100 Appliances
CVE-2025-29824Known ransomware usePatch now
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
Added to KEV Apr 8, 2025 · Microsoft Windows
CVE-2025-2783Plan to patch
Google Chromium Mojo Sandbox Escape Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Mar 27, 2025 · Google Chromium Mojo
CVE-2025-24472Known ransomware usePatch now
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.
Added to KEV Mar 18, 2025 · Fortinet FortiOS and FortiProxy
CVE-2025-24993Plan to patch
Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows New Technology File System (NTFS) contains a heap-based buffer overflow vulnerability that allows an unauthorized attacker to execute code locally.
Added to KEV Mar 11, 2025 · Microsoft Windows
CVE-2025-24985Plan to patch
Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an unauthorized attacker to execute code locally.
Added to KEV Mar 11, 2025 · Microsoft Windows
CVE-2025-24983Plan to patch
Microsoft Windows Win32k Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
Added to KEV Mar 11, 2025 · Microsoft Windows
CVE-2025-26633Known ransomware usePatch now
Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.
Added to KEV Mar 11, 2025 · Microsoft Windows
CVE-2018-8639Known ransomware usePatch now
Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Added to KEV Mar 3, 2025 · Microsoft Windows
CVE-2024-49035Plan to patch
Microsoft Partner Center Improper Access Control Vulnerability
Affects anyone running Microsoft Partner Center. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges.
Added to KEV Feb 25, 2025 · Microsoft Partner Center
CVE-2025-24989Plan to patch
Microsoft Power Pages Improper Access Control Vulnerability
Affects anyone running Microsoft Power Pages. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.
Added to KEV Feb 21, 2025 · Microsoft Power Pages
CVE-2025-21418Plan to patch
Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
Added to KEV Feb 11, 2025 · Microsoft Windows
CVE-2025-21391Plan to patch
Microsoft Windows Storage Link Following Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable.
Added to KEV Feb 11, 2025 · Microsoft Windows
CVE-2024-29059Plan to patch
Microsoft .NET Framework Information Disclosure Vulnerability
Affects anyone running Microsoft .NET Framework. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.
Added to KEV Feb 4, 2025 · Microsoft .NET Framework
CVE-2025-21335Plan to patch
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.
Added to KEV Jan 14, 2025 · Microsoft Windows
CVE-2025-21334Plan to patch
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.
Added to KEV Jan 14, 2025 · Microsoft Windows
CVE-2025-21333Plan to patch
Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow vulnerability that allows a local attacker to gain SYSTEM privileges.
Added to KEV Jan 14, 2025 · Microsoft Windows
CVE-2024-3393Patch this week
Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
Added to KEV Dec 30, 2024 · Palo Alto Networks PAN-OS
CVE-2024-35250Plan to patch
Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges.
Added to KEV Dec 16, 2024 · Microsoft Windows
CVE-2024-20767Plan to patch
Adobe ColdFusion Improper Access Control Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel.
Added to KEV Dec 16, 2024 · Adobe ColdFusion
CVE-2024-49138Plan to patch
Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges.
Added to KEV Dec 10, 2024 · Microsoft Windows
CVE-2024-44308Plan to patch
Apple Multiple Products Code Execution Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution.
Added to KEV Nov 21, 2024 · Apple Multiple Products
CVE-2024-9474Known ransomware usePatch now
Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.
Added to KEV Nov 18, 2024 · Palo Alto Networks PAN-OS
CVE-2024-9463Patch this week
Palo Alto Networks Expedition OS Command Injection Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
Added to KEV Nov 14, 2024 · Palo Alto Networks Expedition
CVE-2024-49039Known ransomware usePatch now
Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions.
Added to KEV Nov 12, 2024 · Microsoft Windows
CVE-2024-38094Known ransomware usePatch now
Microsoft SharePoint Deserialization Vulnerability
Affects anyone running Microsoft SharePoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.
Added to KEV Oct 22, 2024 · Microsoft SharePoint
CVE-2024-30088Known ransomware usePatch now
Microsoft Windows Kernel TOCTOU Race Condition Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that could allow for privilege escalation.
Added to KEV Oct 15, 2024 · Microsoft Windows
CVE-2024-9380Patch this week
Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Added to KEV Oct 9, 2024 · Ivanti Cloud Services Appliance (CSA)
CVE-2024-43572Plan to patch
Microsoft Windows Management Console Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Management Console contains unspecified vulnerability that allows for remote code execution.
Added to KEV Oct 8, 2024 · Microsoft Windows
CVE-2024-29824Patch this week
Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code.
Added to KEV Oct 2, 2024 · Ivanti Endpoint Manager (EPM)
CVE-2020-0618Plan to patch
Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability
Affects anyone running Microsoft SQL Server. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in the context of the Report Server service account.
Added to KEV Sep 18, 2024 · Microsoft SQL Server
CVE-2013-0648Plan to patch
Adobe Flash Player Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.
Added to KEV Sep 17, 2024 · Adobe Flash Player
CVE-2013-0643Plan to patch
Adobe Flash Player Incorrect Default Permissions Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.
Added to KEV Sep 17, 2024 · Adobe Flash Player
CVE-2014-0502Plan to patch
Adobe Flash Player Double Free Vulnerablity
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code.
Added to KEV Sep 17, 2024 · Adobe Flash Player
CVE-2024-43461Plan to patch
Microsoft Windows MSHTML Platform Spoofing Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112.
Added to KEV Sep 16, 2024 · Microsoft Windows
CVE-2024-8190Patch this week
Ivanti Cloud Services Appliance OS Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Added to KEV Sep 13, 2024 · Ivanti Cloud Services Appliance
CVE-2024-38226Plan to patch
Microsoft Publisher Protection Mechanism Failure Vulnerability
Affects anyone running Microsoft Publisher. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.
Added to KEV Sep 10, 2024 · Microsoft Publisher
CVE-2024-38014Plan to patch
Microsoft Windows Installer Improper Privilege Management Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.
Added to KEV Sep 10, 2024 · Microsoft Windows
CVE-2024-7965Plan to patch
Google Chromium V8 Inappropriate Implementation Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Aug 28, 2024 · Google Chromium V8
CVE-2021-31196Plan to patch
Microsoft Exchange Server Information Disclosure Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.
Added to KEV Aug 21, 2024 · Microsoft Exchange Server
CVE-2024-38107Plan to patch
Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges.
Added to KEV Aug 13, 2024 · Microsoft Windows
CVE-2024-38106Plan to patch
Microsoft Windows Kernel Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to win a race condition.
Added to KEV Aug 13, 2024 · Microsoft Windows
CVE-2024-38193Plan to patch
Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
Added to KEV Aug 13, 2024 · Microsoft Windows
CVE-2024-38178Plan to patch
Microsoft Windows Scripting Engine Memory Corruption Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL.
Added to KEV Aug 13, 2024 · Microsoft Windows
CVE-2024-38189Plan to patch
Microsoft Project Remote Code Execution Vulnerability
Affects anyone running Microsoft Project. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file.
Added to KEV Aug 13, 2024 · Microsoft Project
CVE-2018-0824Plan to patch
Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script.
Added to KEV Aug 5, 2024 · Microsoft Windows
CVE-2012-4792Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object.
Added to KEV Jul 23, 2024 · Microsoft Internet Explorer
CVE-2024-38080Plan to patch
Microsoft Windows Hyper-V Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.
Added to KEV Jul 9, 2024 · Microsoft Windows
CVE-2024-38112Plan to patch
Microsoft Windows MSHTML Platform Spoofing Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.
Added to KEV Jul 9, 2024 · Microsoft Windows
CVE-2024-26169Known ransomware usePatch now
Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.
Added to KEV Jun 13, 2024 · Microsoft Windows
CVE-2024-4761Plan to patch
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV May 16, 2024 · Google Chromium V8
CVE-2024-30040Plan to patch
Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass.
Added to KEV May 14, 2024 · Microsoft Windows
CVE-2024-30051Known ransomware usePatch now
Microsoft DWM Core Library Privilege Escalation Vulnerability
Affects anyone running Microsoft DWM Core Library. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.
Added to KEV May 14, 2024 · Microsoft DWM Core Library
CVE-2024-29988Plan to patch
Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability
Affects anyone running Microsoft SmartScreen Prompt. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file.
Added to KEV Apr 30, 2024 · Microsoft SmartScreen Prompt
CVE-2024-20353Patch this week
Cisco ASA and FTD Denial of Service Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an infinite loop vulnerability that can lead to remote denial of service condition.
Added to KEV Apr 24, 2024 · Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
CVE-2022-38028Plan to patch
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions.
Added to KEV Apr 23, 2024 · Microsoft Windows
CVE-2023-24955Known ransomware usePatch now
Microsoft SharePoint Server Code Injection Vulnerability
Affects anyone running Microsoft SharePoint Server. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.
Added to KEV Mar 26, 2024 · Microsoft SharePoint Server
CVE-2024-23225Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
Added to KEV Mar 6, 2024 · Apple Multiple Products
CVE-2024-23296Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
Added to KEV Mar 6, 2024 · Apple Multiple Products
CVE-2024-21338Known ransomware usePatch now
Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.
Added to KEV Mar 4, 2024 · Microsoft Windows
CVE-2023-29360Plan to patch
Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability
Affects anyone running Microsoft Streaming Service. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
Added to KEV Feb 29, 2024 · Microsoft Streaming Service
CVE-2020-3259Known ransomware usePatch now
Cisco ASA and FTD Information Disclosure Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. This vulnerability affects only specific AnyConnect and WebVPN configurations.
Added to KEV Feb 15, 2024 · Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
CVE-2024-21412Known ransomware usePatch now
Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.
Added to KEV Feb 13, 2024 · Microsoft Windows
CVE-2024-21351Plan to patch
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.
Added to KEV Feb 13, 2024 · Microsoft Windows
CVE-2023-4762Plan to patch
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Feb 6, 2024 · Google Chromium V8
CVE-2022-48618Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication.
Added to KEV Jan 31, 2024 · Apple Multiple Products
CVE-2024-21893Known ransomware usePatch now
Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication.
Added to KEV Jan 31, 2024 · Ivanti Connect Secure, Policy Secure, and Neurons
CVE-2024-23222Plan to patch
Apple Multiple Products WebKit Type Confusion Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Jan 23, 2024 · Apple Multiple Products
CVE-2024-0519Plan to patch
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jan 17, 2024 · Google Chromium V8
CVE-2023-46805Known ransomware usePatch now
Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability.
Added to KEV Jan 10, 2024 · Ivanti Connect Secure and Policy Secure
CVE-2023-41990Plan to patch
Apple Multiple Products Code Execution Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file.
Added to KEV Jan 8, 2024 · Apple Multiple Products
CVE-2023-7024Plan to patch
Google Chromium WebRTC Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.
Added to KEV Jan 2, 2024 · Google Chromium WebRTC
CVE-2023-42917Plan to patch
Apple Multiple Products WebKit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Dec 4, 2023 · Apple Multiple Products
CVE-2023-36033Plan to patch
Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Nov 14, 2023 · Microsoft Windows
CVE-2023-36025Plan to patch
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts.
Added to KEV Nov 14, 2023 · Microsoft Windows
CVE-2023-36036Plan to patch
Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.
Added to KEV Nov 14, 2023 · Microsoft Windows
CVE-2023-20273Patch this week
Cisco IOS XE Web UI Command Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.
Added to KEV Oct 23, 2023 · Cisco IOS XE Web UI
CVE-2023-21608Plan to patch
Adobe Acrobat and Reader Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user.
Added to KEV Oct 10, 2023 · Adobe Acrobat and Reader
CVE-2023-42824Plan to patch
Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation.
Added to KEV Oct 5, 2023 · Apple iOS and iPadOS
CVE-2023-28229Plan to patch
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges.
Added to KEV Oct 4, 2023 · Microsoft Windows CNG Key Isolation Service
CVE-2023-5217Plan to patch
Google Chromium libvpx Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.
Added to KEV Oct 2, 2023 · Google Chromium libvpx
CVE-2023-41992Plan to patch
Apple Multiple Products Kernel Privilege Escalation Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.
Added to KEV Sep 25, 2023 · Apple Multiple Products
CVE-2023-41993Plan to patch
Apple Multiple Products WebKit Code Execution Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Sep 25, 2023 · Apple Multiple Products
CVE-2023-26369Plan to patch
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution.
Added to KEV Sep 14, 2023 · Adobe Acrobat and Reader
CVE-2023-4863Plan to patch
Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.
Added to KEV Sep 13, 2023 · Google Chromium WebP
CVE-2023-36802Plan to patch
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
Affects anyone running Microsoft Streaming Service Proxy. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Sep 12, 2023 · Microsoft Streaming Service Proxy
CVE-2023-41064Plan to patch
Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061.
Added to KEV Sep 11, 2023 · Apple iOS, iPadOS, and macOS
CVE-2023-41061Plan to patch
Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064.
Added to KEV Sep 11, 2023 · Apple iOS, iPadOS, and watchOS
CVE-2023-38180Plan to patch
Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability
Affects anyone running Microsoft .NET Core and Visual Studio. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS).
Added to KEV Aug 9, 2023 · Microsoft .NET Core and Visual Studio
CVE-2023-35081Patch this week
Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions (if applicable).
Added to KEV Jul 31, 2023 · Ivanti Endpoint Manager Mobile (EPMM)
CVE-2023-29298Plan to patch
Adobe ColdFusion Improper Access Control Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
Added to KEV Jul 20, 2023 · Adobe ColdFusion
CVE-2023-38205Plan to patch
Adobe ColdFusion Improper Access Control Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.
Added to KEV Jul 20, 2023 · Adobe ColdFusion
CVE-2023-36884Known ransomware usePatch now
Microsoft Windows Search Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code execution.
Added to KEV Jul 17, 2023 · Microsoft Windows
CVE-2023-37450Plan to patch
Apple Multiple Products WebKit Code Execution Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Jul 13, 2023 · Apple Multiple Products
CVE-2023-32046Plan to patch
Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Jul 11, 2023 · Microsoft Windows
CVE-2023-32049Plan to patch
Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt.
Added to KEV Jul 11, 2023 · Microsoft Windows
CVE-2023-35311Plan to patch
Microsoft Outlook Security Feature Bypass Vulnerability
Affects anyone using Outlook as their mail client. In a CPA or legal practice, Outlook is typically how staff send privileged correspondence and exchange documents — credential or session compromise here exposes that.
Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt.
Added to KEV Jul 11, 2023 · Microsoft Outlook
CVE-2023-36874Plan to patch
Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Jul 11, 2023 · Microsoft Windows
CVE-2023-32434Plan to patch
Apple Multiple Products Integer Overflow Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS. iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges.
Added to KEV Jun 23, 2023 · Apple Multiple Products
CVE-2023-32435Plan to patch
Apple Multiple Products WebKit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Jun 23, 2023 · Apple Multiple Products
CVE-2023-32439Plan to patch
Apple Multiple Products WebKit Type Confusion Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Jun 23, 2023 · Apple Multiple Products
CVE-2016-0165Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Jun 22, 2023 · Microsoft Win32k
CVE-2023-3079Plan to patch
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 7, 2023 · Google Chromium V8
CVE-2023-32409Plan to patch
Apple Multiple Products WebKit Sandbox Escape Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV May 22, 2023 · Apple Multiple Products
CVE-2023-32373Plan to patch
Apple Multiple Products WebKit Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV May 22, 2023 · Apple Multiple Products
CVE-2016-6415Patch this week
Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests. contains an information disclosure vulnerability in the Internet Key Exchange version 1 (IKEv1) that could allow an attacker to retrieve memory contents. Successful exploitation could allow the attacker to retrieve memory contents, which can lead to information disclosure.
Added to KEV May 19, 2023 · Cisco IOS, IOS XR, and IOS XE
CVE-2023-29336Plan to patch
Microsoft Win32K Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges.
Added to KEV May 9, 2023 · Microsoft Win32k
CVE-2017-6742Patch this week
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.
Added to KEV Apr 19, 2023 · Cisco IOS and IOS XE Software
CVE-2019-8526Plan to patch
Apple macOS Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.
Added to KEV Apr 17, 2023 · Apple macOS
CVE-2023-2033Plan to patch
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Apr 17, 2023 · Google Chromium V8
CVE-2023-28252Known ransomware usePatch now
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Apr 11, 2023 · Microsoft Windows
CVE-2023-28205Plan to patch
Apple Multiple Products WebKit Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Apr 10, 2023 · Apple Multiple Products
CVE-2023-28206Plan to patch
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.
Added to KEV Apr 10, 2023 · Apple iOS, iPadOS, and macOS
CVE-2019-1388Known ransomware usePatch now
Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.
Added to KEV Apr 7, 2023 · Microsoft Windows
CVE-2013-3163Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.
Added to KEV Mar 30, 2023 · Microsoft Internet Explorer
CVE-2021-30900Plan to patch
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.
Added to KEV Mar 30, 2023 · Apple iOS, iPadOS, and macOS
CVE-2022-3038Plan to patch
Google Chromium Network Service Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Mar 30, 2023 · Google Chromium Network Service
CVE-2023-26360Plan to patch
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.
Added to KEV Mar 15, 2023 · Adobe ColdFusion
CVE-2023-21715Plan to patch
Microsoft Office Publisher Security Feature Bypass Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system.
Added to KEV Feb 14, 2023 · Microsoft Office
CVE-2023-23376Known ransomware usePatch now
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Feb 14, 2023 · Microsoft Windows
CVE-2023-23529Plan to patch
Apple Multiple Products WebKit Type Confusion Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Feb 14, 2023 · Apple Multiple Products
CVE-2023-21823Plan to patch
Microsoft Windows Graphic Component Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Feb 14, 2023 · Microsoft Windows
CVE-2022-41080Known ransomware usePatch now
Microsoft Exchange Server Privilege Escalation Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.
Added to KEV Jan 10, 2023 · Microsoft Exchange Server
CVE-2023-21674Plan to patch
Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Jan 10, 2023 · Microsoft Windows
CVE-2022-42856Plan to patch
Apple iOS Type Confusion Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution.
Added to KEV Dec 14, 2022 · Apple iOS
CVE-2022-4262Plan to patch
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Dec 5, 2022 · Google Chromium V8
CVE-2022-41073Known ransomware usePatch now
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
Added to KEV Nov 8, 2022 · Microsoft Windows
CVE-2022-41125Plan to patch
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
Added to KEV Nov 8, 2022 · Microsoft Windows
CVE-2022-41128Plan to patch
Microsoft Windows Scripting Languages Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution.
Added to KEV Nov 8, 2022 · Microsoft Windows
CVE-2022-3723Plan to patch
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Oct 28, 2022 · Google Chromium V8
CVE-2022-42827Plan to patch
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges.
Added to KEV Oct 25, 2022 · Apple iOS and iPadOS
CVE-2020-3433Known ransomware usePatch now
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.
Added to KEV Oct 24, 2022 · Cisco AnyConnect Secure
CVE-2022-41033Plan to patch
Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Oct 11, 2022 · Microsoft Windows COM+ Event System Service
CVE-2022-41082Known ransomware usePatch now
Microsoft Exchange Server Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.
Added to KEV Sep 30, 2022 · Microsoft Exchange Server
CVE-2022-41040Known ransomware usePatch now
Microsoft Exchange Server Server-Side Request Forgery Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.
Added to KEV Sep 30, 2022 · Microsoft Exchange Server
CVE-2010-2568Plan to patch
Microsoft Windows Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user.
Added to KEV Sep 15, 2022 · Microsoft Windows
CVE-2022-37969Plan to patch
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Sep 14, 2022 · Microsoft Windows
CVE-2022-32917Plan to patch
Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges.
Added to KEV Sep 14, 2022 · Apple iOS, iPadOS, and macOS
CVE-2021-31010Plan to patch
Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions.
Added to KEV Aug 25, 2022 · Apple iOS, macOS, watchOS
CVE-2022-0028Patch this week
Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks.
Added to KEV Aug 22, 2022 · Palo Alto Networks PAN-OS
CVE-2022-32894Plan to patch
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges.
Added to KEV Aug 18, 2022 · Apple iOS and macOS
CVE-2022-32893Plan to patch
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content.
Added to KEV Aug 18, 2022 · Apple iOS and macOS
CVE-2022-26923Plan to patch
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
Affects anyone running Microsoft Active Directory. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.
Added to KEV Aug 18, 2022 · Microsoft Active Directory
CVE-2022-21971Plan to patch
Microsoft Windows Runtime Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution.
Added to KEV Aug 18, 2022 · Microsoft Windows
CVE-2022-34713Plan to patch
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application.
Added to KEV Aug 9, 2022 · Microsoft Windows
CVE-2022-22047Plan to patch
Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges.
Added to KEV Jul 12, 2022 · Microsoft Windows
CVE-2022-26925Plan to patch
Microsoft Windows LSA Spoofing Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.
Added to KEV Jul 1, 2022 · Microsoft Windows
CVE-2021-30983Plan to patch
Apple iOS and iPadOS Buffer Overflow Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges.
Added to KEV Jun 27, 2022 · Apple iOS and iPadOS
CVE-2020-3837Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
Added to KEV Jun 27, 2022 · Apple Multiple Products
CVE-2020-9907Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
Added to KEV Jun 27, 2022 · Apple Multiple Products
CVE-2019-8605Plan to patch
Apple Multiple Products Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges.
Added to KEV Jun 27, 2022 · Apple Multiple Products
CVE-2018-4344Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution.
Added to KEV Jun 27, 2022 · Apple Multiple Products
CVE-2022-30190Known ransomware usePatch now
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.
Added to KEV Jun 14, 2022 · Microsoft Windows
CVE-2019-15271Patch this week
Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A deserialization of untrusted data vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an attacker to execute code with root privileges.
Added to KEV Jun 8, 2022 · Cisco RV Series Routers
CVE-2018-6065Plan to patch
Google Chromium V8 Integer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 8, 2022 · Google Chromium V8
CVE-2018-4990Plan to patch
Adobe Acrobat and Reader Double Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2018-17480Plan to patch
Google Chromium V8 Out-of-Bounds Write Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 8, 2022 · Google Chromium V8
CVE-2018-17463Plan to patch
Google Chromium V8 Remote Code Execution Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 8, 2022 · Google Chromium V8
CVE-2017-5070Plan to patch
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 8, 2022 · Google Chromium V8
CVE-2017-5030Plan to patch
Google Chromium V8 Memory Corruption Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 8, 2022 · Google Chromium V8
CVE-2016-5198Plan to patch
Google Chromium V8 Out-of-Bounds Memory Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 8, 2022 · Google Chromium V8
CVE-2016-1646Plan to patch
Google Chromium V8 Out-of-Bounds Read Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 8, 2022 · Google Chromium V8
CVE-2013-1331Plan to patch
Microsoft Office Buffer Overflow Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document.
Added to KEV Jun 8, 2022 · Microsoft Office
CVE-2012-5054Plan to patch
Adobe Flash Player Integer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2012-4969Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.
Added to KEV Jun 8, 2022 · Microsoft Internet Explorer
CVE-2012-1889Plan to patch
Microsoft XML Core Services Memory Corruption Vulnerability
Affects anyone running Microsoft XML Core Services. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.
Added to KEV Jun 8, 2022 · Microsoft XML Core Services
CVE-2012-0754Plan to patch
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2012-0151Plan to patch
Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.
Added to KEV Jun 8, 2022 · Microsoft Windows
CVE-2011-0609Plan to patch
Adobe Flash Player Unspecified Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2010-2883Plan to patch
Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2010-1297Plan to patch
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2009-4324Plan to patch
Adobe Acrobat and Reader Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2009-1862Plan to patch
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader, Flash Player
CVE-2009-0563Plan to patch
Microsoft Office Buffer Overflow Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.
Added to KEV Jun 8, 2022 · Microsoft Office
CVE-2009-0557Plan to patch
Microsoft Office Object Record Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.
Added to KEV Jun 8, 2022 · Microsoft Office
CVE-2008-0655Plan to patch
Adobe Acrobat and Reader Unspecified Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2007-5659Plan to patch
Adobe Acrobat and Reader Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2006-2492Plan to patch
Microsoft Word Malformed Object Pointer Vulnerability
Affects anyone running Microsoft Word. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
Added to KEV Jun 8, 2022 · Microsoft Word
CVE-2009-3953Plan to patch
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2010-2572Plan to patch
Microsoft PowerPoint Buffer Overflow Vulnerability
Affects anyone running Microsoft PowerPoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.
Added to KEV Jun 8, 2022 · Microsoft PowerPoint
CVE-2016-3393Plan to patch
Microsoft Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. An attacker who successfully exploits this vulnerability could take control of the affected system.
Added to KEV May 25, 2022 · Microsoft Windows
CVE-2016-7256Plan to patch
Microsoft Windows Open Type Font Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system.
Added to KEV May 25, 2022 · Microsoft Windows
CVE-2016-1010Plan to patch
Adobe Flash Player and AIR Integer Overflow Vulnerability
Affects anyone running Adobe Flash Player and AIR. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code.
Added to KEV May 25, 2022 · Adobe Flash Player and AIR
CVE-2016-0984Plan to patch
Adobe Flash Player and AIR Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player and AIR. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code.
Added to KEV May 25, 2022 · Adobe Flash Player and AIR
CVE-2016-0034Known ransomware usePatch now
Microsoft Silverlight Runtime Remote Code Execution Vulnerability
Affects anyone running Microsoft Silverlight. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service (DoS).
Added to KEV May 25, 2022 · Microsoft Silverlight
CVE-2015-0310Plan to patch
Adobe Flash Player ASLR Bypass Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism.
Added to KEV May 25, 2022 · Adobe Flash Player
CVE-2015-0016Plan to patch
Microsoft Windows TS WebProxy Directory Traversal Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges.
Added to KEV May 25, 2022 · Microsoft Windows
CVE-2015-2360Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service (DoS).
Added to KEV May 25, 2022 · Microsoft Win32k
CVE-2015-2425Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV May 25, 2022 · Microsoft Internet Explorer
CVE-2014-4077Plan to patch
Microsoft IME Japanese Privilege Escalation Vulnerability
Affects anyone running Microsoft Input Method Editor (IME) Japanese. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Input Method Editor (IME) Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default (with the default set as disabled). IME Japanese contains an unspecified vulnerability when IMJPDCT.EXE (IME for Japanese) is installed which allows attackers to bypass a sandbox and perform privilege escalation.
Added to KEV May 25, 2022 · Microsoft Input Method Editor (IME) Japanese
CVE-2013-0074Known ransomware usePatch now
Microsoft Silverlight Double Dereference Vulnerability
Affects anyone running Microsoft Silverlight. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application.
Added to KEV May 25, 2022 · Microsoft Silverlight
CVE-2015-8651Plan to patch
Adobe Flash Player Integer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Integer overflow in Adobe Flash Player allows attackers to execute code.
Added to KEV May 25, 2022 · Adobe Flash Player
CVE-2015-6175Plan to patch
Microsoft Windows Kernel Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application.
Added to KEV May 25, 2022 · Microsoft Windows
CVE-2015-1671Plan to patch
Microsoft Windows Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts.
Added to KEV May 25, 2022 · Microsoft Windows
CVE-2014-4148Plan to patch
Microsoft Windows Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts.
Added to KEV May 25, 2022 · Microsoft Windows
CVE-2014-8439Plan to patch
Adobe Flash Player Dereferenced Pointer Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution.
Added to KEV May 25, 2022 · Adobe Flash Player
CVE-2014-4123Plan to patch
Microsoft Internet Explorer Privilege Escalation Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site.
Added to KEV May 25, 2022 · Microsoft Internet Explorer
CVE-2014-2817Plan to patch
Microsoft Internet Explorer Privilege Escalation Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer cotains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site.
Added to KEV May 25, 2022 · Microsoft Internet Explorer
CVE-2018-8611Plan to patch
Microsoft Windows Kernel Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory.
Added to KEV May 24, 2022 · Microsoft Windows
CVE-2017-0147Known ransomware usePatch now
Microsoft Windows SMBv1 Information Disclosure Vulnerability
Affects anyone running Microsoft SMBv1 server. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet.
Added to KEV May 24, 2022 · Microsoft SMBv1 server
CVE-2017-0149Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website.
Added to KEV May 24, 2022 · Microsoft Internet Explorer
CVE-2016-4656Plan to patch
Apple iOS Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service (DoS) via a crafted application.
Added to KEV May 24, 2022 · Apple iOS
CVE-2016-4657Plan to patch
Apple iOS Webkit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV May 24, 2022 · Apple iOS
CVE-2016-6366Patch this week
Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to remotely execute code.
Added to KEV May 24, 2022 · Cisco Adaptive Security Appliance (ASA)
CVE-2016-6367Patch this week
Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or potentially execute code.
Added to KEV May 24, 2022 · Cisco Adaptive Security Appliance (ASA)
CVE-2017-0005Plan to patch
Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
The Graphics Device Interface (GDI) in Microsoft Windows allows local users to gain privileges via a crafted application.
Added to KEV May 24, 2022 · Microsoft Windows
CVE-2017-0210Plan to patch
Microsoft Internet Explorer Privilege Escalation Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information.
Added to KEV May 24, 2022 · Microsoft Internet Explorer
CVE-2019-7286Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation.
Added to KEV May 23, 2022 · Apple Multiple Products
CVE-2021-30883Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution.
Added to KEV May 23, 2022 · Apple Multiple Products
CVE-2020-1027Plan to patch
Microsoft Windows Kernel Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
Added to KEV May 23, 2022 · Microsoft Windows
CVE-2020-0638Known ransomware usePatch now
Microsoft Update Notification Manager Privilege Escalation Vulnerability
Affects anyone running Microsoft Update Notification Manager. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV May 23, 2022 · Microsoft Update Notification Manager
CVE-2019-7287Plan to patch
Apple iOS Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution.
Added to KEV May 23, 2022 · Apple iOS
CVE-2019-0880Plan to patch
Microsoft Windows Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.
Added to KEV May 23, 2022 · Microsoft Windows
CVE-2019-13720Plan to patch
Google Chrome WebAudio Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Added to KEV May 23, 2022 · Google Chrome WebAudio
CVE-2019-1385Known ransomware usePatch now
Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.
Added to KEV May 23, 2022 · Microsoft Windows
CVE-2019-1130Known ransomware usePatch now
Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links.
Added to KEV May 23, 2022 · Microsoft Windows
CVE-2018-5002Plan to patch
Adobe Flash Player Stack-based Buffer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player have a stack-based buffer overflow vulnerability that could lead to remote code execution.
Added to KEV May 23, 2022 · Adobe Flash Player
CVE-2018-8589Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system.
Added to KEV May 23, 2022 · Microsoft Win32k
CVE-2014-0322Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code.
Added to KEV May 4, 2022 · Microsoft Internet Explorer
CVE-2021-1789Plan to patch
Apple Multiple Products Type Confusion Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.
Added to KEV May 4, 2022 · Apple Multiple Products
CVE-2019-8506Plan to patch
Apple Multiple Products Type Confusion Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.
Added to KEV May 4, 2022 · Apple Multiple Products
CVE-2014-4113Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV May 4, 2022 · Microsoft Win32k
CVE-2022-26904Plan to patch
Microsoft Windows User Profile Service Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Apr 25, 2022 · Microsoft Windows
CVE-2022-21919Plan to patch
Microsoft Windows User Profile Service Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Apr 25, 2022 · Microsoft Windows
CVE-2021-41357Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Apr 25, 2022 · Microsoft Win32k
CVE-2021-40450Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Apr 25, 2022 · Microsoft Win32k
CVE-2022-22718Plan to patch
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.
Added to KEV Apr 19, 2022 · Microsoft Windows
CVE-2022-1364Plan to patch
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Apr 15, 2022 · Google Chromium V8
CVE-2022-24521Known ransomware usePatch now
Microsoft Windows CLFS Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Apr 13, 2022 · Microsoft Windows
CVE-2014-9163Plan to patch
Adobe Flash Player Stack-Based Buffer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-2502Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).
Added to KEV Apr 13, 2022 · Microsoft Internet Explorer
CVE-2021-42287Known ransomware usePatch now
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
Affects anyone running Microsoft Active Directory. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Apr 11, 2022 · Microsoft Active Directory
CVE-2021-39793Plan to patch
Google Pixel Out-of-Bounds Write Vulnerability
Affects anyone running Google Pixel. Google products typically sit at the identity or browsing layer — exploitation usually affects access to cloud services and stored sessions.
Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.
Added to KEV Apr 11, 2022 · Google Pixel
CVE-2021-42278Known ransomware usePatch now
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
Affects anyone running Microsoft Active Directory. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Apr 11, 2022 · Microsoft Active Directory
CVE-2017-0148Known ransomware usePatch now
Microsoft SMBv1 Server Remote Code Execution Vulnerability
Affects anyone running Microsoft SMBv1 server. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.
Added to KEV Apr 6, 2022 · Microsoft SMBv1 server
CVE-2022-22675Plan to patch
Apple macOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.
Added to KEV Apr 4, 2022 · Apple macOS
CVE-2021-34484Plan to patch
Microsoft Windows User Profile Service Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Mar 31, 2022 · Microsoft Windows
CVE-2022-1096Plan to patch
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Mar 28, 2022 · Google Chromium V8
CVE-2021-38646Known ransomware usePatch now
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.
Added to KEV Mar 28, 2022 · Microsoft Office
CVE-2021-34486Plan to patch
Microsoft Windows Event Tracing Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.
Added to KEV Mar 28, 2022 · Microsoft Windows
CVE-2019-7483Patch this week
SonicWall SMA100 Directory Traversal Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
Added to KEV Mar 28, 2022 · SonicWall SMA100
CVE-2018-8440Known ransomware usePatch now
Microsoft Windows Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).
Added to KEV Mar 28, 2022 · Microsoft Windows
CVE-2018-8406Known ransomware usePatch now
Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability
Affects anyone running Microsoft DirectX Graphics Kernel (DXGKRNL). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
Added to KEV Mar 28, 2022 · Microsoft DirectX Graphics Kernel (DXGKRNL)
CVE-2018-8405Known ransomware usePatch now
Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability
Affects anyone running Microsoft DirectX Graphics Kernel (DXGKRNL). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
Added to KEV Mar 28, 2022 · Microsoft DirectX Graphics Kernel (DXGKRNL)
CVE-2017-0213Known ransomware usePatch now
Microsoft Windows Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.
Added to KEV Mar 28, 2022 · Microsoft Windows
CVE-2017-0037Plan to patch
Microsoft Edge and Internet Explorer Type Confusion Vulnerability
Affects anyone using Microsoft Edge as their browser. The browser is the entry point for cloud apps (accounting SaaS, client portals, banking) — exploitation can lead to session theft or stored-credential exposure for everything you log into through it.
Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.
Added to KEV Mar 28, 2022 · Microsoft Edge and Internet Explorer
CVE-2016-7201Plan to patch
Microsoft Edge Memory Corruption Vulnerability
Affects anyone using Microsoft Edge as their browser. The browser is the entry point for cloud apps (accounting SaaS, client portals, banking) — exploitation can lead to session theft or stored-credential exposure for everything you log into through it.
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Added to KEV Mar 28, 2022 · Microsoft Edge
CVE-2016-7200Plan to patch
Microsoft Edge Memory Corruption Vulnerability
Affects anyone using Microsoft Edge as their browser. The browser is the entry point for cloud apps (accounting SaaS, client portals, banking) — exploitation can lead to session theft or stored-credential exposure for everything you log into through it.
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Added to KEV Mar 28, 2022 · Microsoft Edge
CVE-2016-0189Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Added to KEV Mar 28, 2022 · Microsoft Internet Explorer
CVE-2016-0151Known ransomware usePatch now
Microsoft Windows CSRSS Security Feature Bypass Vulnerability
Affects anyone running Microsoft Client-Server Run-time Subsystem (CSRSS). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.
Added to KEV Mar 28, 2022 · Microsoft Client-Server Run-time Subsystem (CSRSS)
CVE-2016-0040Plan to patch
Microsoft Windows Kernel Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.
Added to KEV Mar 28, 2022 · Microsoft Windows
CVE-2015-2426Plan to patch
Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.
Added to KEV Mar 28, 2022 · Microsoft Windows
CVE-2015-2419Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Added to KEV Mar 28, 2022 · Microsoft Internet Explorer
CVE-2015-1770Plan to patch
Microsoft Office Uninitialized Memory Use Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.
Added to KEV Mar 28, 2022 · Microsoft Office
CVE-2013-3660Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges.
Added to KEV Mar 28, 2022 · Microsoft Win32k
CVE-2013-2551Known ransomware usePatch now
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.
Added to KEV Mar 28, 2022 · Microsoft Internet Explorer
CVE-2012-2539Plan to patch
Microsoft Word Remote Code Execution Vulnerability
Affects anyone running Microsoft Word. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.
Added to KEV Mar 28, 2022 · Microsoft Word
CVE-2012-2034Plan to patch
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).
Added to KEV Mar 28, 2022 · Adobe Flash Player
CVE-2011-2005Plan to patch
Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability
Affects anyone running Microsoft Ancillary Function Driver (afd.sys). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application.
Added to KEV Mar 28, 2022 · Microsoft Ancillary Function Driver (afd.sys)
CVE-2010-4398Plan to patch
Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.
Added to KEV Mar 28, 2022 · Microsoft Windows
CVE-2022-21999Known ransomware usePatch now
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.
Added to KEV Mar 25, 2022 · Microsoft Windows
CVE-2019-0903Plan to patch
Microsoft GDI Remote Code Execution Vulnerability
Affects anyone running Microsoft Graphics Device Interface (GDI). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Added to KEV Mar 25, 2022 · Microsoft Graphics Device Interface (GDI)
CVE-2018-8414Plan to patch
Microsoft Windows Shell Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.
Added to KEV Mar 25, 2022 · Microsoft Windows
CVE-2018-8373Plan to patch
Microsoft Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer Scripting Engine. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
Added to KEV Mar 25, 2022 · Microsoft Internet Explorer Scripting Engine
CVE-2017-0146Known ransomware usePatch now
Microsoft Windows SMB Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.
Added to KEV Mar 25, 2022 · Microsoft Windows
CVE-2016-7892Plan to patch
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.
Added to KEV Mar 25, 2022 · Adobe Flash Player
CVE-2015-0666Patch this week
Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files.
Added to KEV Mar 25, 2022 · Cisco Prime Data Center Network Manager (DCNM)
CVE-2014-6332Plan to patch
Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.
Added to KEV Mar 25, 2022 · Microsoft Windows
CVE-2014-6324Plan to patch
Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability
Affects anyone running Microsoft Kerberos Key Distribution Center (KDC). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges.
Added to KEV Mar 25, 2022 · Microsoft Kerberos Key Distribution Center (KDC)
CVE-2010-3035Patch this week
Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).
Added to KEV Mar 25, 2022 · Cisco IOS XR
CVE-2009-0927Plan to patch
Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.
Added to KEV Mar 25, 2022 · Adobe Reader and Acrobat
CVE-2019-1405Known ransomware usePatch now
Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.
Added to KEV Mar 15, 2022 · Microsoft Windows
CVE-2019-1322Known ransomware usePatch now
Microsoft Windows Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Added to KEV Mar 15, 2022 · Microsoft Windows
CVE-2019-1315Known ransomware usePatch now
Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.
Added to KEV Mar 15, 2022 · Microsoft Windows
CVE-2019-1253Known ransomware usePatch now
Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.
Added to KEV Mar 15, 2022 · Microsoft Windows
CVE-2019-1132Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
Added to KEV Mar 15, 2022 · Microsoft Win32k
CVE-2019-1129Known ransomware usePatch now
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Added to KEV Mar 15, 2022 · Microsoft Windows
CVE-2019-1069Known ransomware usePatch now
Microsoft Task Scheduler Privilege Escalation Vulnerability
Affects anyone running Microsoft Task Scheduler. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.
Added to KEV Mar 15, 2022 · Microsoft Task Scheduler
CVE-2019-1064Known ransomware usePatch now
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Added to KEV Mar 15, 2022 · Microsoft Windows
CVE-2019-0841Known ransomware usePatch now
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Added to KEV Mar 15, 2022 · Microsoft Windows
CVE-2019-0543Known ransomware usePatch now
Microsoft Windows Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Added to KEV Mar 15, 2022 · Microsoft Windows
CVE-2018-8120Known ransomware usePatch now
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
Added to KEV Mar 15, 2022 · Microsoft Win32k
CVE-2017-0101Known ransomware usePatch now
Microsoft Windows Transaction Manager Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.
Added to KEV Mar 15, 2022 · Microsoft Windows
CVE-2016-3309Known ransomware usePatch now
Microsoft Windows Kernel Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Added to KEV Mar 15, 2022 · Microsoft Windows
CVE-2015-2546Known ransomware usePatch now
Microsoft Win32k Memory Corruption Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.
Added to KEV Mar 15, 2022 · Microsoft Win32k
CVE-2013-0631Plan to patch
Adobe ColdFusion Information Disclosure Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.
Added to KEV Mar 7, 2022 · Adobe ColdFusion
CVE-2013-0629Plan to patch
Adobe ColdFusion Directory Traversal Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.
Added to KEV Mar 7, 2022 · Adobe ColdFusion
CVE-2019-1652Patch this week
Cisco Small Business Routers Improper Input Validation Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.
Added to KEV Mar 3, 2022 · Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers
CVE-2019-1297Plan to patch
Microsoft Excel Remote Code Execution Vulnerability
Affects anyone running Microsoft Excel. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory.
Added to KEV Mar 3, 2022 · Microsoft Excel
CVE-2018-8581Known ransomware usePatch now
Microsoft Exchange Server Privilege Escalation Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server.
Added to KEV Mar 3, 2022 · Microsoft Exchange Server
CVE-2018-0175Patch this week
Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Format string vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device.
Added to KEV Mar 3, 2022 · Cisco IOS, XR, and XE Software
CVE-2018-0174Patch this week
Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).
Added to KEV Mar 3, 2022 · Cisco IOS XE Software
CVE-2018-0173Patch this week
Cisco IOS and IOS XE Software Improper Input Validation Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets can allow for denial-of-service (DoS).
Added to KEV Mar 3, 2022 · Cisco IOS and IOS XE Software
CVE-2018-0172Patch this week
Cisco IOS and IOS XE Software Improper Input Validation Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).
Added to KEV Mar 3, 2022 · Cisco IOS and IOS XE Software
CVE-2018-0167Patch this week
Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
There is a buffer overflow vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code.
Added to KEV Mar 3, 2022 · Cisco IOS, XR, and XE Software
CVE-2018-0159Patch this week
Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial-of-service (DoS) condition.
Added to KEV Mar 3, 2022 · Cisco IOS Software and Cisco IOS XE Software
CVE-2018-0158Patch this week
Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial-of-service (DoS) condition.
Added to KEV Mar 3, 2022 · Cisco IOS Software and Cisco IOS XE Software
CVE-2018-0156Patch this week
Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial-of-service (DoS) condition.
Added to KEV Mar 3, 2022 · Cisco IOS Software and Cisco IOS XE Software
CVE-2018-0155Patch this week
Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial-of-service (DoS) condition.
Added to KEV Mar 3, 2022 · Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches
CVE-2016-7855Plan to patch
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2018-0154Patch this week
Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition.
Added to KEV Mar 3, 2022 · Cisco IOS Software
CVE-2017-8540Plan to patch
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Affects anyone running Microsoft Malware Protection Engine. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".
Added to KEV Mar 3, 2022 · Microsoft Malware Protection Engine
CVE-2017-6744Patch this week
Cisco IOS Software SNMP Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6.
Added to KEV Mar 3, 2022 · Cisco IOS software
CVE-2017-6743Patch this week
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.
Added to KEV Mar 3, 2022 · Cisco IOS and IOS XE Software
CVE-2017-6740Patch this week
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.
Added to KEV Mar 3, 2022 · Cisco IOS and IOS XE Software
CVE-2017-6739Patch this week
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.
Added to KEV Mar 3, 2022 · Cisco IOS and IOS XE Software
CVE-2017-6738Patch this week
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.
Added to KEV Mar 3, 2022 · Cisco IOS and IOS XE Software
CVE-2017-6737Patch this week
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.
Added to KEV Mar 3, 2022 · Cisco IOS and IOS XE Software
CVE-2017-6736Patch this week
Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.
Added to KEV Mar 3, 2022 · Cisco IOS and IOS XE Software
CVE-2017-6627Patch this week
Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the UDP processing code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and denial of service.
Added to KEV Mar 3, 2022 · Cisco IOS and IOS XE Software
CVE-2017-12237Patch this week
Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service.
Added to KEV Mar 3, 2022 · Cisco IOS and IOS XE Software
CVE-2017-12235Patch this week
Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.
Added to KEV Mar 3, 2022 · Cisco IOS software
CVE-2017-12234Patch this week
Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.
Added to KEV Mar 3, 2022 · Cisco IOS software
CVE-2017-12233Patch this week
Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service.
Added to KEV Mar 3, 2022 · Cisco IOS software
CVE-2017-12231Patch this week
Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS could allow an unauthenticated, remote attacker to cause a denial of service.
Added to KEV Mar 3, 2022 · Cisco IOS software
CVE-2017-11826Plan to patch
Microsoft Office Remote Code Execution Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.
Added to KEV Mar 3, 2022 · Microsoft Office
CVE-2017-11292Plan to patch
Adobe Flash Player Type Confusion Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2017-0261Plan to patch
Microsoft Office Use-After-Free Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution.
Added to KEV Mar 3, 2022 · Microsoft Office
CVE-2016-7262Plan to patch
Microsoft Office Security Feature Bypass Vulnerability
Affects anyone running Microsoft Excel. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands.
Added to KEV Mar 3, 2022 · Microsoft Excel
CVE-2016-7193Plan to patch
Microsoft Office Memory Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution.
Added to KEV Mar 3, 2022 · Microsoft Office
CVE-2016-0099Known ransomware usePatch now
Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.
Added to KEV Mar 3, 2022 · Microsoft Windows
CVE-2015-2545Plan to patch
Microsoft Office Malformed EPS File Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.
Added to KEV Mar 3, 2022 · Microsoft Office
CVE-2015-2424Plan to patch
Microsoft PowerPoint Memory Corruption Vulnerability
Affects anyone running Microsoft PowerPoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.
Added to KEV Mar 3, 2022 · Microsoft PowerPoint
CVE-2015-2387Plan to patch
Microsoft ATM Font Driver Privilege Escalation Vulnerability
Affects anyone running Microsoft ATM Font Driver. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.
Added to KEV Mar 3, 2022 · Microsoft ATM Font Driver
CVE-2015-1701Known ransomware usePatch now
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges.
Added to KEV Mar 3, 2022 · Microsoft Win32k
CVE-2015-1642Plan to patch
Microsoft Office Memory Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.
Added to KEV Mar 3, 2022 · Microsoft Office
CVE-2014-4114Plan to patch
Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object.
Added to KEV Mar 3, 2022 · Microsoft Windows
CVE-2014-0496Plan to patch
Adobe Reader and Acrobat Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2013-5065Plan to patch
Microsoft Windows Kernel Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges.
Added to KEV Mar 3, 2022 · Microsoft Windows
CVE-2013-3897Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code.
Added to KEV Mar 3, 2022 · Microsoft Internet Explorer
CVE-2013-1347Plan to patch
Microsoft Internet Explorer Remote Code Execution Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.
Added to KEV Mar 3, 2022 · Microsoft Internet Explorer
CVE-2013-0641Plan to patch
Adobe Reader Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Reader
CVE-2013-0640Plan to patch
Adobe Reader and Acrobat Memory Corruption Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2012-1856Plan to patch
Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.
Added to KEV Mar 3, 2022 · Microsoft Office
CVE-2012-1535Plan to patch
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2011-0611Plan to patch
Adobe Flash Player Remote Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2010-3333Plan to patch
Microsoft Office Stack-based Buffer Overflow Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Microsoft Office
CVE-2010-0232Plan to patch
Microsoft Windows Kernel Exception Handler Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges.
Added to KEV Mar 3, 2022 · Microsoft Windows
CVE-2010-0188Known ransomware usePatch now
Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2009-3129Plan to patch
Microsoft Excel Featheader Record Memory Corruption Vulnerability
Affects anyone running Microsoft Excel. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset.
Added to KEV Mar 3, 2022 · Microsoft Excel
CVE-2009-1123Plan to patch
Microsoft Windows Improper Input Validation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application.
Added to KEV Mar 3, 2022 · Microsoft Windows
CVE-2008-2992Known ransomware usePatch now
Adobe Reader and Acrobat Input Validation Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.
Added to KEV Mar 3, 2022 · Adobe Acrobat and Reader
CVE-2004-0210Plan to patch
Microsoft Windows Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system.
Added to KEV Mar 3, 2022 · Microsoft Windows
CVE-2002-0367Plan to patch
Microsoft Windows Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges.
Added to KEV Mar 3, 2022 · Microsoft Windows
CVE-2017-0001Plan to patch
Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability
Affects anyone running Microsoft Graphics Device Interface (GDI). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges
Added to KEV Mar 3, 2022 · Microsoft Graphics Device Interface (GDI)
CVE-2015-7645Known ransomware usePatch now
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2017-8570Plan to patch
Microsoft Office Remote Code Execution Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory.
Added to KEV Feb 25, 2022 · Microsoft Office
CVE-2017-0222Plan to patch
Microsoft Internet Explorer Remote Code Execution Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
Added to KEV Feb 25, 2022 · Microsoft Internet Explorer
CVE-2014-6352Plan to patch
Microsoft Windows Code Injection Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object.
Added to KEV Feb 25, 2022 · Microsoft Windows
CVE-2022-0609Plan to patch
Google Chromium Animation Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Feb 15, 2022 · Google Chromium Animation
CVE-2019-0752Known ransomware usePatch now
Microsoft Internet Explorer Type Confusion Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer
Added to KEV Feb 15, 2022 · Microsoft Internet Explorer
CVE-2018-8174Known ransomware usePatch now
Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"
Added to KEV Feb 15, 2022 · Microsoft Windows
CVE-2018-15982Known ransomware usePatch now
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability
Added to KEV Feb 15, 2022 · Adobe Flash Player
CVE-2014-1761Plan to patch
Microsoft Word Memory Corruption Vulnerability
Affects anyone running Microsoft Word. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution.
Added to KEV Feb 15, 2022 · Microsoft Word
CVE-2013-3906Plan to patch
Microsoft Graphics Component Memory Corruption Vulnerability
Affects anyone running Microsoft Graphics Component. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution.
Added to KEV Feb 15, 2022 · Microsoft Graphics Component
CVE-2022-22620Plan to patch
Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Feb 11, 2022 · Apple iOS, iPadOS, and macOS
CVE-2015-1130Plan to patch
Apple OS X Authentication Bypass Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges.
Added to KEV Feb 10, 2022 · Apple OS X
CVE-2021-36934Plan to patch
Microsoft Windows SAM Local Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level.
Added to KEV Feb 10, 2022 · Microsoft Windows
CVE-2017-8464Plan to patch
Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file
Added to KEV Feb 10, 2022 · Microsoft Windows
CVE-2017-0263Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory.
Added to KEV Feb 10, 2022 · Microsoft Win32k
CVE-2017-0262Plan to patch
Microsoft Office Remote Code Execution Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
A remote code execution vulnerability exists in Microsoft Office.
Added to KEV Feb 10, 2022 · Microsoft Office
CVE-2017-0145Known ransomware usePatch now
Microsoft SMBv1 Remote Code Execution Vulnerability
Affects anyone running Microsoft SMBv1. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
Added to KEV Feb 10, 2022 · Microsoft SMBv1
CVE-2017-0144Known ransomware usePatch now
Microsoft SMBv1 Remote Code Execution Vulnerability
Affects anyone running Microsoft SMBv1. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
Added to KEV Feb 10, 2022 · Microsoft SMBv1
CVE-2014-4404Plan to patch
Apple OS X Heap-Based Buffer Overflow Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context.
Added to KEV Feb 10, 2022 · Apple OS X
CVE-2022-21882Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Feb 4, 2022 · Microsoft Win32k
CVE-2020-0787Known ransomware usePatch now
Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges.
Added to KEV Jan 28, 2022 · Microsoft Windows
CVE-2018-8453Known ransomware usePatch now
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges.
Added to KEV Jan 21, 2022 · Microsoft Win32k
CVE-2021-33766Plan to patch
Microsoft Exchange Server Information Disclosure
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target.
Added to KEV Jan 18, 2022 · Microsoft Exchange Server
CVE-2020-6572Plan to patch
Google Chrome Media Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.
Added to KEV Jan 10, 2022 · Google Chrome Media
CVE-2019-1458Known ransomware usePatch now
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP.
Added to KEV Jan 10, 2022 · Microsoft Win32k
CVE-2019-1579Known ransomware usePatch now
Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.
Added to KEV Jan 10, 2022 · Palo Alto Networks PAN-OS
CVE-2021-43890Known ransomware usePatch now
Microsoft Windows AppX Installer Spoofing Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.
Added to KEV Dec 15, 2021 · Microsoft Windows
CVE-2021-4102Plan to patch
Google Chromium V8 Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Dec 15, 2021 · Google Chromium V8
CVE-2021-40449Known ransomware usePatch now
Microsoft Windows Win32k Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Unspecified vulnerability allows for an authenticated user to escalate privileges.
Added to KEV Nov 17, 2021 · Microsoft Windows
CVE-2021-42321Known ransomware usePatch now
Microsoft Exchange Server Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.
Added to KEV Nov 17, 2021 · Microsoft Exchange
CVE-2021-42292Plan to patch
Microsoft Excel Security Feature Bypass
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.
Added to KEV Nov 17, 2021 · Microsoft Office
CVE-2021-21017Plan to patch
Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Adobe Acrobat and Reader
CVE-2021-28550Plan to patch
Adobe Acrobat and Reader Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Adobe Acrobat and Reader
CVE-2018-4878Known ransomware usePatch now
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.
Added to KEV Nov 3, 2021 · Adobe Flash Player
CVE-2021-30858Plan to patch
Apple iOS, iPadOS, macOS Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple iOS, iPadOS, and macOS
CVE-2019-6223Plan to patch
Apple iOS and macOS Group Facetime Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user interaction.
Added to KEV Nov 3, 2021 · Apple iOS and macOS
CVE-2021-30860Plan to patch
Apple Multiple Products Integer Overflow Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY.
Added to KEV Nov 3, 2021 · Apple Multiple Products
CVE-2020-27930Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted front.
Added to KEV Nov 3, 2021 · Apple Multiple Products
CVE-2021-30807Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.
Added to KEV Nov 3, 2021 · Apple Multiple Products
CVE-2020-27932Plan to patch
Apple Multiple Products Type Confusion Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.
Added to KEV Nov 3, 2021 · Apple Multiple Products
CVE-2020-9818Plan to patch
Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message.
Added to KEV Nov 3, 2021 · Apple iOS, iPadOS, and watchOS
CVE-2021-30762Plan to patch
Apple iOS WebKit Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple iOS
CVE-2021-1782Plan to patch
Apple Multiple Products Race Condition Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges.
Added to KEV Nov 3, 2021 · Apple Multiple Products
CVE-2021-30661Plan to patch
Apple Multiple Products WebKit Storage Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple Multiple Products
CVE-2021-30666Plan to patch
Apple iOS WebKit Buffer Overflow Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple iOS
CVE-2021-30713Plan to patch
Apple macOS Unspecified Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.
Added to KEV Nov 3, 2021 · Apple macOS
CVE-2021-30665Plan to patch
Apple Multiple Products WebKit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple Multiple Products
CVE-2021-30663Plan to patch
Apple Multiple Products WebKit Integer Overflow Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple Multiple Products
CVE-2021-30761Plan to patch
Apple iOS WebKit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple iOS
CVE-2021-30869Plan to patch
Apple iOS, iPadOS, and macOS Type Confusion Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges.
Added to KEV Nov 3, 2021 · Apple iOS, iPadOS, and macOS
CVE-2020-9859Plan to patch
Apple Multiple Products Code Execution Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges.
Added to KEV Nov 3, 2021 · Apple Multiple Products
CVE-2020-3452Patch this week
Cisco ASA and FTD Read-Only Path Traversal Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device.
Added to KEV Nov 3, 2021 · Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
CVE-2020-3566Patch this week
Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.
Added to KEV Nov 3, 2021 · Cisco IOS XR
CVE-2020-3569Patch this week
Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.
Added to KEV Nov 3, 2021 · Cisco IOS XR
CVE-2019-1653Patch this week
Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information.
Added to KEV Nov 3, 2021 · Cisco Small Business RV320 and RV325 Routers
CVE-2018-0296Patch this week
Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information disclosure.
Added to KEV Nov 3, 2021 · Cisco Adaptive Security Appliance (ASA)
CVE-2021-21166Plan to patch
Google Chromium Race Condition Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium
CVE-2020-16009Plan to patch
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2021-30632Plan to patch
Google Chromium V8 Out-of-Bounds Write Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2020-16013Plan to patch
Google Chromium V8 Incorrect Implementation Vulnerabililty
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2021-21148Plan to patch
Google Chromium V8 Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2021-30551Plan to patch
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2021-37975Plan to patch
Google Chromium V8 Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2020-6418Plan to patch
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a type confusion vulnerability allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2021-30554Plan to patch
Google Chromium WebGL Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium WebGL
CVE-2021-21206Plan to patch
Google Chromium Blink Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium Blink
CVE-2021-38003Plan to patch
Google Chromium V8 Memory Corruption Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2021-21224Plan to patch
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2021-21193Plan to patch
Google Chromium Blink Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium Blink
CVE-2021-21220Plan to patch
Google Chromium V8 Improper Input Validation Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2021-30563Plan to patch
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2014-1812Known ransomware usePatch now
Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2016-0167Known ransomware usePatch now
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application
Added to KEV Nov 3, 2021 · Microsoft Win32k
CVE-2021-1647Plan to patch
Microsoft Defender Remote Code Execution Vulnerability
Affects anyone running Microsoft Defender. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Defender contains an unspecified vulnerability that allows for remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Defender
CVE-2021-33739Plan to patch
Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2016-0185Plan to patch
Microsoft Windows Media Center Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2020-0683Plan to patch
Microsoft Windows Installer Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2020-17087Plan to patch
Microsoft Windows Kernel Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2021-33742Plan to patch
Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2021-33771Plan to patch
Microsoft Windows Kernel Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2021-31956Plan to patch
Microsoft Windows NTFS Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2021-31979Plan to patch
Microsoft Windows Kernel Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2021-27059Plan to patch
Microsoft Office Remote Code Execution Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains an unspecified vulnerability that allows for remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Office
CVE-2020-0938Plan to patch
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2020-17144Plan to patch
Microsoft Exchange Server Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Exchange Server
CVE-2020-0986Plan to patch
Microsoft Windows Kernel Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2020-1020Plan to patch
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2021-38645Plan to patch
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
Affects anyone running Microsoft Open Management Infrastructure (OMI). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Open Management Infrastructure (OMI)
CVE-2021-36948Plan to patch
Microsoft Windows Update Medic Service Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2021-38649Plan to patch
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
Affects anyone running Microsoft Open Management Infrastructure (OMI). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Open Management Infrastructure (OMI)
CVE-2020-0688Known ransomware usePatch now
Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Exchange Server
CVE-2017-0143Known ransomware usePatch now
Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2016-7255Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.
Added to KEV Nov 3, 2021 · Microsoft Win32k
CVE-2020-1464Plan to patch
Microsoft Windows Spoofing Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2021-1732Known ransomware usePatch now
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Win32k
CVE-2021-34527Known ransomware usePatch now
Microsoft Windows Print Spooler Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known under the moniker of PrintNightmare.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2019-0803Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.
Added to KEV Nov 3, 2021 · Microsoft Win32k
CVE-2021-28310Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Win32k
CVE-2021-26411Known ransomware usePatch now
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2019-0859Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.
Added to KEV Nov 3, 2021 · Microsoft Win32k
CVE-2021-40444Known ransomware usePatch now
Microsoft MSHTML Remote Code Execution Vulnerability
Affects anyone running Microsoft MSHTML. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution.
Added to KEV Nov 3, 2021 · Microsoft MSHTML
CVE-2017-8759Plan to patch
Microsoft .NET Framework Remote Code Execution Vulnerability
Affects anyone running Microsoft .NET Framework. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.
Added to KEV Nov 3, 2021 · Microsoft .NET Framework
CVE-2018-8653Plan to patch
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2019-0797Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.
Added to KEV Nov 3, 2021 · Microsoft Win32k
CVE-2021-36942Known ransomware usePatch now
Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2019-1215Known ransomware usePatch now
Microsoft Windows Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker to execute code with elevated privileges.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2018-0798Plan to patch
Microsoft Office Memory Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0802.
Added to KEV Nov 3, 2021 · Microsoft Office
CVE-2018-0802Plan to patch
Microsoft Office Memory Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0798.
Added to KEV Nov 3, 2021 · Microsoft Office
CVE-2012-0158Plan to patch
Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability
Affects anyone running Microsoft MSCOMCTL.OCX. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft MSCOMCTL.OCX
CVE-2015-1641Plan to patch
Microsoft Office Memory Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Office
CVE-2019-0541Plan to patch
Microsoft MSHTML Remote Code Execution Vulnerability
Affects anyone running Microsoft MSHTML. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability.
Added to KEV Nov 3, 2021 · Microsoft MSHTML
CVE-2017-11882Known ransomware usePatch now
Microsoft Office Memory Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Office
CVE-2020-0674Plan to patch
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2019-1367Known ransomware usePatch now
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2017-0199Known ransomware usePatch now
Microsoft Office and WordPad Remote Code Execution Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Office and WordPad
CVE-2020-1380Plan to patch
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2019-1429Plan to patch
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2017-11774Plan to patch
Microsoft Office Outlook Security Feature Bypass Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.
Added to KEV Nov 3, 2021 · Microsoft Office
CVE-2020-0968Plan to patch
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2021-26858Known ransomware usePatch now
Microsoft Exchange Server Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Added to KEV Nov 3, 2021 · Microsoft Exchange Server
CVE-2021-27065Known ransomware usePatch now
Microsoft Exchange Server Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Added to KEV Nov 3, 2021 · Microsoft Exchange Server
CVE-2020-1054Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.
Added to KEV Nov 3, 2021 · Microsoft Win32k
CVE-2021-1675Known ransomware usePatch now
Microsoft Windows Print Spooler Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2020-0601Plan to patch
Microsoft Windows CryptoAPI Spoofing Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The vulnerability is also known under the moniker of CurveBall.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2019-0808Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode.
Added to KEV Nov 3, 2021 · Microsoft Win32k
CVE-2021-26857Known ransomware usePatch now
Microsoft Exchange Server Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Added to KEV Nov 3, 2021 · Microsoft Exchange Server
CVE-2020-1147Plan to patch
Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability
Affects anyone running Microsoft .NET Framework, SharePoint, Visual Studio. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for deserialization of the XML content.
Added to KEV Nov 3, 2021 · Microsoft .NET Framework, SharePoint, Visual Studio
CVE-2019-1214Plan to patch
Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory which can allow for privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2016-3235Plan to patch
Microsoft Office OLE DLL Side Loading Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Office
CVE-2019-0863Plan to patch
Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2021-36955Known ransomware usePatch now
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2021-38648Plan to patch
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
Affects anyone running Microsoft Open Management Infrastructure (OMI). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Open Management Infrastructure (OMI)
CVE-2020-8243Patch this week
Ivanti Pulse Connect Secure Code Execution Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2021-22900Patch this week
Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2021-22894Patch this week
Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2020-8260Patch this week
Ivanti Pulse Connect Secure Code Execution Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2021-22899Patch this week
Ivanti Pulse Connect Secure Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2019-11539Known ransomware usePatch now
Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure and Pulse Policy Secure
CVE-2019-7481Known ransomware usePatch now
SonicWall SMA100 SQL Injection Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources.
Added to KEV Nov 3, 2021 · SonicWall SMA100
CVE-2021-20022Known ransomware usePatch now
SonicWall Email Security Unrestricted Upload of File Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation.
Added to KEV Nov 3, 2021 · SonicWall Email Security
CVE-2021-27085Plan to patch
Microsoft Internet Explorer Remote Code Execution Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2020-3118Patch this week
Cisco IOS XR Software Discovery Protocol Format String Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.
Added to KEV Nov 3, 2021 · Cisco IOS XR