KEV topic
KEV entries with known ransomware use
KEV entries where CISA has confirmed use in known ransomware campaigns. Active threat actors have chained these vulnerabilities into ransomware operations — treat patching as a same-week priority, not a "next maintenance window" task. This list cuts across every vendor and product type in the catalog. Updated daily from the CISA KEV catalog.
Microsoft Exchange Server Deserialization of Untrusted Data Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains a deserialization of untrusted data vulnerability that allows an authenticated attacker to achieve remote code execution.
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device.
Microsoft SharePoint Code Injection Vulnerability
Affects anyone running Microsoft SharePoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.
Microsoft SharePoint Improper Authentication Vulnerability
Affects anyone running Microsoft SharePoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successful exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. CVE-2025-53771 is a patch bypass for CVE-2025-49706, and the updates for CVE-2025-53771 include more robust protection than those for CVE-2025-49706.
Microsoft SharePoint Deserialization of Untrusted Data Vulnerability
Affects anyone running Microsoft SharePoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.
Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker with knowledge of the hard-coded key to decrypt sensitive data in a FortiOS configuration backup file.
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution.
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests.
Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally.
Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
SonicWall SonicOS SSLVPN Improper Authentication Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.
SonicWall SMA1000 Appliances Deserialization Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.
Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to the Node.js websocket module.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.
Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.
Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators.
Microsoft Windows Task Scheduler Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions.
Microsoft SharePoint Deserialization Vulnerability
Affects anyone running Microsoft SharePoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.
Microsoft Windows Kernel TOCTOU Race Condition Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that could allow for privilege escalation.
SonicWall SonicOS Improper Access Control Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.
Microsoft DWM Core Library Privilege Escalation Vulnerability
Affects anyone running Microsoft DWM Core Library. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.
Palo Alto Networks PAN-OS Command Injection Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.
Microsoft SharePoint Server Code Injection Vulnerability
Affects anyone running Microsoft SharePoint Server. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).
Fortinet FortiClient EMS SQL Injection Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests.
Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.
Cisco ASA and FTD Information Disclosure Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. This vulnerability affects only specific AnyConnect and WebVPN configurations.
Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Internet Shortcut Files contain an unspecified vulnerability that allows for a security feature bypass.
Fortinet FortiOS Out-of-Bound Write Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.
Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication.
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.
Microsoft SharePoint Server Privilege Escalation Vulnerability
Affects anyone running Microsoft SharePoint Server. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.
Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability.
Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authentication bypass issue.
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
Adobe ColdFusion Deserialization of Untrusted Data Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN session with an unauthorized user.
Ivanti Sentry Authentication Bypass Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration.
Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.
Microsoft Windows Search Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code execution.
Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Exchange Server Privilege Escalation Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.
Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.
Microsoft Defender SmartScreen Security Feature Bypass Vulnerability
Affects anyone running Microsoft Defender. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.
Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.
Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco AnyConnect Secure Mobility Client for Windows incorrectly handles directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system-level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks.
Fortinet Multiple Products Authentication Bypass Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Microsoft Exchange Server Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040, which allows for remote code execution.
Microsoft Exchange Server Server-Side Request Forgery Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.
Fortinet FortiOS and FortiADC Improper Access Control Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing an LDAP server connectivity test request to a rogue LDAP server.
Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.
Microsoft Silverlight Runtime Remote Code Execution Vulnerability
Affects anyone running Microsoft Silverlight. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service (DoS).
Microsoft Silverlight Double Dereference Vulnerability
Affects anyone running Microsoft Silverlight. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application.
Microsoft Windows SMBv1 Information Disclosure Vulnerability
Affects anyone running Microsoft SMBv1 server. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet.
Microsoft Internet Explorer and Edge Information Disclosure Vulnerability
Affects anyone using Microsoft Edge as their browser. The browser is the entry point for cloud apps (accounting SaaS, client portals, banking) — exploitation can lead to session theft or stored-credential exposure for everything you log into through it.
An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer.
Microsoft Update Notification Manager Privilege Escalation Vulnerability
Affects anyone running Microsoft Update Notification Manager. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.
Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links.
Microsoft Windows CLFS Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
Affects anyone running Microsoft Active Directory. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Active Directory Domain Services Privilege Escalation Vulnerability
Affects anyone running Microsoft Active Directory. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
Microsoft SMBv1 Server Remote Code Execution Vulnerability
Affects anyone running Microsoft SMBv1 server. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The SMBv1 server in Microsoft Windows allows remote attackers to execute arbitrary code via crafted packets.
Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.
SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.
Microsoft Windows Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).
Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability
Affects anyone running Microsoft DirectX Graphics Kernel (DXGKRNL). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability
Affects anyone running Microsoft DirectX Graphics Kernel (DXGKRNL). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
Microsoft Windows Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.
Microsoft Windows CSRSS Security Feature Bypass Vulnerability
Affects anyone running Microsoft Client-Server Run-time Subsystem (CSRSS). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The Client-Server Run-time Subsystem (CSRSS) in Microsoft Windows mismanages process tokens, which allows local users to gain privileges via a crafted application.
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.
Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.
Microsoft Windows SMB Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.
Adobe ColdFusion Directory Traversal Vulnerability
Affects anyone running Adobe ColdFusion. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.
Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.
Microsoft Windows Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.
Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Microsoft Task Scheduler Privilege Escalation Vulnerability
Affects anyone running Microsoft Task Scheduler. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Microsoft Windows Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.
Microsoft Windows Transaction Manager Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.
Microsoft Windows Kernel Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.
Microsoft Win32k Memory Corruption Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.
Adobe BlazeDS Information Disclosure Vulnerability
Affects anyone running Adobe BlazeDS. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe BlazeDS, which is utilized in LiveCycle and ColdFusion, contains a vulnerability that allows for information disclosure.
Microsoft Windows Installer Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Exchange Server Privilege Escalation Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server.
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.
Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges.
Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.
Adobe Reader and Acrobat Input Validation Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.
Microsoft Internet Explorer Type Confusion Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution."
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a use-after-free vulnerability in com.adobe.tvsdk.mediacore.metadata.
Microsoft SMBv3 Remote Code Execution Vulnerability
Affects anyone running Microsoft SMBv3. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client.
Microsoft SMBv1 Remote Code Execution Vulnerability
Affects anyone running Microsoft SMBv1. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
Microsoft SMBv1 Remote Code Execution Vulnerability
Affects anyone running Microsoft SMBv1. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.
SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SMA 100 devices are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.
Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows BITS is vulnerable to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges.
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges.
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k EoP."
Fortinet FortiOS and FortiProxy Improper Authorization
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
An improper authorization vulnerability in the Fortinet FortiOS and FortiProxy SSL VPN web portal allows an unauthenticated attacker to modify the password.
Fortinet FortiOS and FortiProxy Out-of-bounds Write
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause termination of the SSL VPN web service for logged-in users.
Palo Alto Networks PAN-OS Remote Code Execution Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Remote code execution vulnerability in PAN-OS with the GlobalProtect Portal or GlobalProtect Gateway interface enabled.
Microsoft Windows AppX Installer Spoofing Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows AppX Installer contains a spoofing vulnerability with high impact on confidentiality, integrity, and availability.
Microsoft Windows Win32k Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Unspecified vulnerability allows for an authenticated user to escalate privileges.
Microsoft Exchange Server Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.
Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful exploitation could allow an attacker to perform cross-site scripting (XSS) in the context of the interface or access sensitive browser-based information.
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to log in successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.
Fortinet FortiOS SSL VPN Path Traversal Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.
Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.
Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
Affects anyone running Microsoft Open Management Infrastructure (OMI). Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application.
Microsoft Edge and Internet Explorer Memory Corruption Vulnerability
Affects anyone using Microsoft Edge as their browser. The browser is the entry point for cloud apps (accounting SaaS, client portals, banking) — exploitation can lead to session theft or stored-credential exposure for everything you log into through it.
Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user.
Microsoft Exchange Server Privilege Escalation Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.
Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution.
Microsoft Remote Desktop Services Remote Code Execution Vulnerability
Affects anyone running Microsoft Remote Desktop Services. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.
Microsoft Exchange Server Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Microsoft Windows Print Spooler Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known under the moniker of PrintNightmare.
Microsoft Exchange Server Security Feature Bypass Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass.
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.
Microsoft MSHTML Remote Code Execution Vulnerability
Affects anyone running Microsoft MSHTML. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft MSHTML contains an unspecified vulnerability that allows for remote code execution.
Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.
Microsoft Windows Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker to execute code with elevated privileges.
Microsoft Office Memory Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of the current user.
Microsoft Office and WordPad Remote Code Execution Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution.
Microsoft Netlogon Privilege Escalation Vulnerability
Affects anyone running Microsoft Netlogon. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.
Microsoft Exchange Server Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Microsoft Exchange Server Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Microsoft Exchange Server Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Microsoft Windows Print Spooler Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.
Microsoft SharePoint Remote Code Execution Vulnerability
Affects anyone running Microsoft SharePoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint application pool and the SharePoint server farm account.
Microsoft Exchange Server Remote Code Execution Vulnerability
Affects anyone running on-premises Microsoft Exchange Server. If you have Exchange in your office (as opposed to Microsoft 365 hosted email), it's the mail server holding all internal email — full compromise reads every conversation it stores.
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allows a remote, unauthenticated attacker to execute code via license services.
Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI.
Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure and Policy Secure contain a command injection vulnerability that allows an authenticated attacker to inject and execute commands from the admin web interface.
SonicWall Email Security Improper Privilege Management Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation.
SonicWall SMA100 SQL Injection Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources.
SonicWall Email Security Unrestricted Upload of File Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authentication attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation.
SonicWall Email Security Path Traversal Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall Email Security contains a path traversal vulnerability that allows a post-authentication attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.
SonicWall SSLVPN SMA100 SQL Injection Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.
