KEV topic

Remote code execution KEV entries

KEV entries the NVD has classified with Common Weakness Enumeration (CWE) IDs that indicate remote code execution: code/command/OS-command injection (CWE-94/77/78), plus the memory-corruption classes (out-of-bounds write CWE-787, use-after-free CWE-416) that modern exploit chains typically convert into RCE. Only CVEs with these CWE classifications appear here. Updated daily from the CISA KEV catalog.

Updated 17 hours ago. 251 entries in this topic. All SMB-relevant entries.

CVE-2026-10520Patch this week
Ivanti Sentry OS Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.
Added to KEV Jun 11, 2026 · Ivanti Sentry
CVE-2026-11645Plan to patch
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 9, 2026 · Google Chromium V8
CVE-2008-4250Patch this week
Microsoft Windows Buffer Overflow Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.
Added to KEV May 20, 2026 · Microsoft Windows
CVE-2010-0249Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added to KEV May 20, 2026 · Microsoft Internet Explorer
CVE-2010-0806Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added to KEV May 20, 2026 · Microsoft Internet Explorer
CVE-2026-0300Patch this week
Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.
Added to KEV May 6, 2026 · Palo Alto Networks PAN-OS
CVE-2009-0238Plan to patch
Microsoft Office Remote Code Execution
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.
Added to KEV Apr 14, 2026 · Microsoft Office
CVE-2020-9715Plan to patch
Adobe Acrobat Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat contains a use-after-free vulnerability that allows for code execution
Added to KEV Apr 13, 2026 · Adobe Acrobat
CVE-2026-1340Patch this week
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
Added to KEV Apr 8, 2026 · Ivanti Endpoint Manager Mobile (EPMM)
CVE-2026-5281Plan to patch
Google Dawn Use-After-Free Vulnerability
Affects anyone running Google Dawn. Google products typically sit at the identity or browsing layer — exploitation usually affects access to cloud services and stored sessions.
Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Apr 1, 2026 · Google Dawn
CVE-2026-3910Plan to patch
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Mar 13, 2026 · Google Chromium V8
CVE-2026-3909Plan to patch
Google Skia Out-of-Bounds Write Vulnerability
Affects anyone running Google Skia. Google products typically sit at the identity or browsing layer — exploitation usually affects access to cloud services and stored sessions.
Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
Added to KEV Mar 13, 2026 · Google Skia
CVE-2023-43000Plan to patch
Apple Multiple products Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption.
Added to KEV Mar 5, 2026 · Apple Multiple Products
CVE-2023-41974Plan to patch
Apple iOS and iPadOS Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.
Added to KEV Mar 5, 2026 · Apple iOS and iPadOS
CVE-2026-2441Plan to patch
Google Chromium CSS Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Feb 17, 2026 · Google Chromium
CVE-2026-1281Patch this week
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
Added to KEV Jan 29, 2026 · Ivanti Endpoint Manager Mobile (EPMM)
CVE-2026-20045Patch this week
Cisco Unified Communications Products Code Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance contain a code injection vulnerability that could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.
Added to KEV Jan 21, 2026 · Cisco Unified Communications Manager
CVE-2009-0556Plan to patch
Microsoft Office PowerPoint Code Injection Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption.
Added to KEV Jan 7, 2026 · Microsoft Office
CVE-2025-43529Plan to patch
Apple Multiple Products Use-After-Free WebKit Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Dec 15, 2025 · Apple Multiple Products
CVE-2025-14174Plan to patch
Google Chromium Out of Bounds Memory Access Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Dec 12, 2025 · Google Chromium
CVE-2025-62221Plan to patch
Microsoft Windows Use After Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.
Added to KEV Dec 9, 2025 · Microsoft Windows
CVE-2025-58034Patch this week
Fortinet FortiWeb OS Command Injection Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
Added to KEV Nov 18, 2025 · Fortinet FortiWeb
CVE-2010-3962Plan to patch
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added to KEV Oct 6, 2025 · Microsoft Internet Explorer
CVE-2013-3918Plan to patch
Microsoft Windows Out-of-Bounds Write Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added to KEV Oct 6, 2025 · Microsoft Windows
CVE-2025-43300Patch this week
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
Added to KEV Aug 21, 2025 · Apple iOS, iPadOS, and macOS
CVE-2013-3893Plan to patch
Microsoft Internet Explorer Resource Management Errors Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added to KEV Aug 12, 2025 · Microsoft Internet Explorer
CVE-2025-49704Known ransomware usePatch now
Microsoft SharePoint Code Injection Vulnerability
Affects anyone running Microsoft SharePoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.
Added to KEV Jul 22, 2025 · Microsoft SharePoint
CVE-2025-5419Plan to patch
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 5, 2025 · Google Chromium V8
CVE-2025-4428Patch this week
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library, as represented by CVE-2025-35036.
Added to KEV May 19, 2025 · Ivanti Endpoint Manager Mobile (EPMM)
CVE-2025-32756Patch this week
Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.
Added to KEV May 14, 2025 · Fortinet Multiple Products
CVE-2025-32709Plan to patch
Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator.
Added to KEV May 13, 2025 · Microsoft Windows
CVE-2025-32701Plan to patch
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
Added to KEV May 13, 2025 · Microsoft Windows
CVE-2025-30400Plan to patch
Microsoft Windows DWM Core Library Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
Added to KEV May 13, 2025 · Microsoft Windows
CVE-2023-44221Patch this week
SonicWall SMA100 Appliances OS Command Injection Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user.
Added to KEV May 1, 2025 · SonicWall SMA100 Appliances
CVE-2021-20035Plan to patch
SonicWall SMA100 Appliances OS Command Injection Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution.
Added to KEV Apr 16, 2025 · SonicWall SMA100 Appliances
CVE-2025-29824Known ransomware usePatch now
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
Added to KEV Apr 8, 2025 · Microsoft Windows
CVE-2025-22457Known ransomware usePatch now
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution.
Added to KEV Apr 4, 2025 · Ivanti Connect Secure, Policy Secure, and ZTA Gateways
CVE-2025-24201Patch this week
Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Mar 13, 2025 · Apple Multiple Products
CVE-2025-24983Plan to patch
Microsoft Windows Win32k Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
Added to KEV Mar 11, 2025 · Microsoft Windows
CVE-2023-20118Plan to patch
Cisco Small Business RV Series Routers Command Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain root-level privileges and access unauthorized data.
Added to KEV Mar 3, 2025 · Cisco Small Business RV Series Routers
CVE-2025-24085Patch this week
Apple Multiple Products Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.
Added to KEV Jan 29, 2025 · Apple Multiple Products
CVE-2025-21335Plan to patch
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.
Added to KEV Jan 14, 2025 · Microsoft Windows
CVE-2025-21334Plan to patch
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.
Added to KEV Jan 14, 2025 · Microsoft Windows
CVE-2025-0282Known ransomware usePatch now
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.
Added to KEV Jan 8, 2025 · Ivanti Connect Secure, Policy Secure, and ZTA Gateways
CVE-2024-9474Known ransomware usePatch now
Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.
Added to KEV Nov 18, 2024 · Palo Alto Networks PAN-OS
CVE-2024-9463Patch this week
Palo Alto Networks Expedition OS Command Injection Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
Added to KEV Nov 14, 2024 · Palo Alto Networks Expedition
CVE-2024-9380Patch this week
Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Added to KEV Oct 9, 2024 · Ivanti Cloud Services Appliance (CSA)
CVE-2024-8190Patch this week
Ivanti Cloud Services Appliance OS Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Added to KEV Sep 13, 2024 · Ivanti Cloud Services Appliance
CVE-2024-7965Plan to patch
Google Chromium V8 Inappropriate Implementation Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Aug 28, 2024 · Google Chromium V8
CVE-2024-38107Plan to patch
Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges.
Added to KEV Aug 13, 2024 · Microsoft Windows
CVE-2024-38193Plan to patch
Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
Added to KEV Aug 13, 2024 · Microsoft Windows
CVE-2012-4792Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object.
Added to KEV Jul 23, 2024 · Microsoft Internet Explorer
CVE-2024-20399Plan to patch
Cisco NX-OS Command Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device.
Added to KEV Jul 2, 2024 · Cisco NX-OS
CVE-2024-4761Plan to patch
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV May 16, 2024 · Google Chromium V8
CVE-2024-30051Known ransomware usePatch now
Microsoft DWM Core Library Privilege Escalation Vulnerability
Affects anyone running Microsoft DWM Core Library. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.
Added to KEV May 14, 2024 · Microsoft DWM Core Library
CVE-2024-4671Patch this week
Google Chromium Visuals Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV May 13, 2024 · Google Chromium
CVE-2024-20359Plan to patch
Cisco ASA and FTD Privilege Escalation Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root.
Added to KEV Apr 24, 2024 · Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
CVE-2024-3400Known ransomware usePatch now
Palo Alto Networks PAN-OS Command Injection Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.
Added to KEV Apr 12, 2024 · Palo Alto Networks PAN-OS
CVE-2023-24955Known ransomware usePatch now
Microsoft SharePoint Server Code Injection Vulnerability
Affects anyone running Microsoft SharePoint Server. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.
Added to KEV Mar 26, 2024 · Microsoft SharePoint Server
CVE-2021-44529Known ransomware usePatch now
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).
Added to KEV Mar 25, 2024 · Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA)
CVE-2024-23225Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
Added to KEV Mar 6, 2024 · Apple Multiple Products
CVE-2024-23296Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
Added to KEV Mar 6, 2024 · Apple Multiple Products
CVE-2024-21351Plan to patch
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.
Added to KEV Feb 13, 2024 · Microsoft Windows
CVE-2024-21762Known ransomware usePatch now
Fortinet FortiOS Out-of-Bound Write Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.
Added to KEV Feb 9, 2024 · Fortinet FortiOS
CVE-2024-0519Plan to patch
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jan 17, 2024 · Google Chromium V8
CVE-2024-21887Known ransomware usePatch now
Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authenticated bypass issue.
Added to KEV Jan 10, 2024 · Ivanti Connect Secure and Policy Secure
CVE-2023-7024Plan to patch
Google Chromium WebRTC Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.
Added to KEV Jan 2, 2024 · Google Chromium WebRTC
CVE-2023-42917Plan to patch
Apple Multiple Products WebKit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Dec 4, 2023 · Apple Multiple Products
CVE-2023-36036Plan to patch
Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.
Added to KEV Nov 14, 2023 · Microsoft Windows
CVE-2023-20273Patch this week
Cisco IOS XE Web UI Command Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.
Added to KEV Oct 23, 2023 · Cisco IOS XE Web UI
CVE-2023-21608Plan to patch
Adobe Acrobat and Reader Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user.
Added to KEV Oct 10, 2023 · Adobe Acrobat and Reader
CVE-2023-20109Plan to patch
Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute malicious code or cause a device to crash.
Added to KEV Oct 10, 2023 · Cisco IOS and IOS XE
CVE-2023-5217Plan to patch
Google Chromium libvpx Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.
Added to KEV Oct 2, 2023 · Google Chromium libvpx
CVE-2023-26369Plan to patch
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution.
Added to KEV Sep 14, 2023 · Adobe Acrobat and Reader
CVE-2023-4863Plan to patch
Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.
Added to KEV Sep 13, 2023 · Google Chromium WebP
CVE-2023-36802Plan to patch
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
Affects anyone running Microsoft Streaming Service Proxy. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Sep 12, 2023 · Microsoft Streaming Service Proxy
CVE-2023-32435Plan to patch
Apple Multiple Products WebKit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Jun 23, 2023 · Apple Multiple Products
CVE-2023-27997Known ransomware usePatch now
Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.
Added to KEV Jun 13, 2023 · Fortinet FortiOS and FortiProxy SSL-VPN
CVE-2023-32373Plan to patch
Apple Multiple Products WebKit Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV May 22, 2023 · Apple Multiple Products
CVE-2023-29336Plan to patch
Microsoft Win32K Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges.
Added to KEV May 9, 2023 · Microsoft Win32k
CVE-2019-8526Plan to patch
Apple macOS Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.
Added to KEV Apr 17, 2023 · Apple macOS
CVE-2023-28252Known ransomware usePatch now
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Apr 11, 2023 · Microsoft Windows
CVE-2023-28205Plan to patch
Apple Multiple Products WebKit Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Apr 10, 2023 · Apple Multiple Products
CVE-2023-28206Plan to patch
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.
Added to KEV Apr 10, 2023 · Apple iOS, iPadOS, and macOS
CVE-2013-3163Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.
Added to KEV Mar 30, 2023 · Microsoft Internet Explorer
CVE-2021-30900Plan to patch
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.
Added to KEV Mar 30, 2023 · Apple iOS, iPadOS, and macOS
CVE-2022-3038Plan to patch
Google Chromium Network Service Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Mar 30, 2023 · Google Chromium Network Service
CVE-2023-23376Known ransomware usePatch now
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Feb 14, 2023 · Microsoft Windows
CVE-2023-21674Plan to patch
Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Jan 10, 2023 · Microsoft Windows
CVE-2022-42475Known ransomware usePatch now
Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.
Added to KEV Dec 13, 2022 · Fortinet FortiOS
CVE-2022-4135Patch this week
Google Chromium GPU Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 28, 2022 · Google Chromium GPU
CVE-2022-41073Known ransomware usePatch now
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
Added to KEV Nov 8, 2022 · Microsoft Windows
CVE-2022-41125Plan to patch
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
Added to KEV Nov 8, 2022 · Microsoft Windows
CVE-2022-41128Plan to patch
Microsoft Windows Scripting Languages Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution.
Added to KEV Nov 8, 2022 · Microsoft Windows
CVE-2022-42827Plan to patch
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges.
Added to KEV Oct 25, 2022 · Apple iOS and iPadOS
CVE-2022-37969Plan to patch
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Sep 14, 2022 · Microsoft Windows
CVE-2022-32917Plan to patch
Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges.
Added to KEV Sep 14, 2022 · Apple iOS, iPadOS, and macOS
CVE-2022-32894Plan to patch
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges.
Added to KEV Aug 18, 2022 · Apple iOS and macOS
CVE-2022-32893Plan to patch
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content.
Added to KEV Aug 18, 2022 · Apple iOS and macOS
CVE-2020-3837Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
Added to KEV Jun 27, 2022 · Apple Multiple Products
CVE-2020-9907Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
Added to KEV Jun 27, 2022 · Apple Multiple Products
CVE-2019-8605Plan to patch
Apple Multiple Products Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges.
Added to KEV Jun 27, 2022 · Apple Multiple Products
CVE-2019-5825Monitor
Google Chromium V8 Out-of-Bounds Write Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 8, 2022 · Google Chromium V8
CVE-2018-17480Plan to patch
Google Chromium V8 Out-of-Bounds Write Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 8, 2022 · Google Chromium V8
CVE-2016-5198Plan to patch
Google Chromium V8 Out-of-Bounds Memory Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 8, 2022 · Google Chromium V8
CVE-2012-4969Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.
Added to KEV Jun 8, 2022 · Microsoft Internet Explorer
CVE-2012-1889Plan to patch
Microsoft XML Core Services Memory Corruption Vulnerability
Affects anyone running Microsoft XML Core Services. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.
Added to KEV Jun 8, 2022 · Microsoft XML Core Services
CVE-2012-0754Plan to patch
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2011-2462Patch this week
Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Reader and Acrobat
CVE-2010-2883Plan to patch
Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2010-1297Plan to patch
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2009-4324Plan to patch
Adobe Acrobat and Reader Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2009-1862Plan to patch
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader, Flash Player
CVE-2009-0563Plan to patch
Microsoft Office Buffer Overflow Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.
Added to KEV Jun 8, 2022 · Microsoft Office
CVE-2009-0557Plan to patch
Microsoft Office Object Record Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.
Added to KEV Jun 8, 2022 · Microsoft Office
CVE-2009-3953Plan to patch
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2016-0984Plan to patch
Adobe Flash Player and AIR Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player and AIR. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code.
Added to KEV May 25, 2022 · Adobe Flash Player and AIR
CVE-2015-2360Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service (DoS).
Added to KEV May 25, 2022 · Microsoft Win32k
CVE-2015-2425Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV May 25, 2022 · Microsoft Internet Explorer
CVE-2014-4148Plan to patch
Microsoft Windows Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts.
Added to KEV May 25, 2022 · Microsoft Windows
CVE-2014-8439Plan to patch
Adobe Flash Player Dereferenced Pointer Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution.
Added to KEV May 25, 2022 · Adobe Flash Player
CVE-2017-0149Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website.
Added to KEV May 24, 2022 · Microsoft Internet Explorer
CVE-2016-4656Plan to patch
Apple iOS Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service (DoS) via a crafted application.
Added to KEV May 24, 2022 · Apple iOS
CVE-2016-4657Plan to patch
Apple iOS Webkit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV May 24, 2022 · Apple iOS
CVE-2016-6367Patch this week
Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or potentially execute code.
Added to KEV May 24, 2022 · Cisco Adaptive Security Appliance (ASA)
CVE-2019-7286Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation.
Added to KEV May 23, 2022 · Apple Multiple Products
CVE-2021-30883Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution.
Added to KEV May 23, 2022 · Apple Multiple Products
CVE-2020-1027Plan to patch
Microsoft Windows Kernel Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
Added to KEV May 23, 2022 · Microsoft Windows
CVE-2019-7287Plan to patch
Apple iOS Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution.
Added to KEV May 23, 2022 · Apple iOS
CVE-2019-5786Monitor
Google Chrome Blink Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page.
Added to KEV May 23, 2022 · Google Chrome Blink
CVE-2019-13720Plan to patch
Google Chrome WebAudio Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Added to KEV May 23, 2022 · Google Chrome WebAudio
CVE-2018-5002Plan to patch
Adobe Flash Player Stack-based Buffer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player have a stack-based buffer overflow vulnerability that could lead to remote code execution.
Added to KEV May 23, 2022 · Adobe Flash Player
CVE-2014-0322Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code.
Added to KEV May 4, 2022 · Microsoft Internet Explorer
CVE-2010-5330Patch this week
Ubiquiti AirOS Command Injection Vulnerability
Affects anyone running Ubiquiti UniFi networking gear (access points, switches, security gateways, NVRs). The gear carries internal network traffic and often hosts video surveillance — exploitation can expose network traffic or grant management access to the network itself.
Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.
Added to KEV Apr 15, 2022 · Ubiquiti AirOS
CVE-2022-24521Known ransomware usePatch now
Microsoft Windows CLFS Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Apr 13, 2022 · Microsoft Windows
CVE-2015-5123Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-5122Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-0313Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-3113Patch this week
Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-2502Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).
Added to KEV Apr 13, 2022 · Microsoft Internet Explorer
CVE-2021-39793Plan to patch
Google Pixel Out-of-Bounds Write Vulnerability
Affects anyone running Google Pixel. Google products typically sit at the identity or browsing layer — exploitation usually affects access to cloud services and stored sessions.
Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.
Added to KEV Apr 11, 2022 · Google Pixel
CVE-2021-31166Patch this week
Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability
Affects anyone running Microsoft HTTP Protocol Stack. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
Added to KEV Apr 6, 2022 · Microsoft HTTP Protocol Stack
CVE-2022-22675Plan to patch
Apple macOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.
Added to KEV Apr 4, 2022 · Apple macOS
CVE-2021-34486Plan to patch
Microsoft Windows Event Tracing Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.
Added to KEV Mar 28, 2022 · Microsoft Windows
CVE-2016-7200Plan to patch
Microsoft Edge Memory Corruption Vulnerability
Affects anyone using Microsoft Edge as their browser. The browser is the entry point for cloud apps (accounting SaaS, client portals, banking) — exploitation can lead to session theft or stored-credential exposure for everything you log into through it.
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Added to KEV Mar 28, 2022 · Microsoft Edge
CVE-2016-0189Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Added to KEV Mar 28, 2022 · Microsoft Internet Explorer
CVE-2015-2419Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Added to KEV Mar 28, 2022 · Microsoft Internet Explorer
CVE-2013-2551Known ransomware usePatch now
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.
Added to KEV Mar 28, 2022 · Microsoft Internet Explorer
CVE-2012-2539Plan to patch
Microsoft Word Remote Code Execution Vulnerability
Affects anyone running Microsoft Word. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.
Added to KEV Mar 28, 2022 · Microsoft Word
CVE-2010-4398Plan to patch
Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.
Added to KEV Mar 28, 2022 · Microsoft Windows
CVE-2018-8373Plan to patch
Microsoft Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer Scripting Engine. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
Added to KEV Mar 25, 2022 · Microsoft Internet Explorer Scripting Engine
CVE-2016-7892Plan to patch
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.
Added to KEV Mar 25, 2022 · Adobe Flash Player
CVE-2022-20708Patch this week
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Added to KEV Mar 3, 2022 · Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
CVE-2022-20701Patch this week
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Added to KEV Mar 3, 2022 · Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
CVE-2022-20700Patch this week
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Added to KEV Mar 3, 2022 · Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
CVE-2019-1652Patch this week
Cisco Small Business Routers Improper Input Validation Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.
Added to KEV Mar 3, 2022 · Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers
CVE-2018-0172Patch this week
Cisco IOS and IOS XE Software Improper Input Validation Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).
Added to KEV Mar 3, 2022 · Cisco IOS and IOS XE Software
CVE-2016-7855Plan to patch
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2017-8540Plan to patch
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Affects anyone running Microsoft Malware Protection Engine. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".
Added to KEV Mar 3, 2022 · Microsoft Malware Protection Engine
CVE-2017-0261Plan to patch
Microsoft Office Use-After-Free Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution.
Added to KEV Mar 3, 2022 · Microsoft Office
CVE-2015-5119Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2015-3043Patch this week
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2015-2424Plan to patch
Microsoft PowerPoint Memory Corruption Vulnerability
Affects anyone running Microsoft PowerPoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.
Added to KEV Mar 3, 2022 · Microsoft PowerPoint
CVE-2015-2387Plan to patch
Microsoft ATM Font Driver Privilege Escalation Vulnerability
Affects anyone running Microsoft ATM Font Driver. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.
Added to KEV Mar 3, 2022 · Microsoft ATM Font Driver
CVE-2015-1642Plan to patch
Microsoft Office Memory Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.
Added to KEV Mar 3, 2022 · Microsoft Office
CVE-2014-0496Plan to patch
Adobe Reader and Acrobat Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2013-3897Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code.
Added to KEV Mar 3, 2022 · Microsoft Internet Explorer
CVE-2013-3346Patch this week
Adobe Reader and Acrobat Memory Corruption Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2013-1347Plan to patch
Microsoft Internet Explorer Remote Code Execution Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.
Added to KEV Mar 3, 2022 · Microsoft Internet Explorer
CVE-2013-0640Plan to patch
Adobe Reader and Acrobat Memory Corruption Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2012-1535Plan to patch
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2010-3333Plan to patch
Microsoft Office Stack-based Buffer Overflow Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Microsoft Office
CVE-2009-3129Plan to patch
Microsoft Excel Featheader Record Memory Corruption Vulnerability
Affects anyone running Microsoft Excel. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset.
Added to KEV Mar 3, 2022 · Microsoft Excel
CVE-2008-2992Known ransomware usePatch now
Adobe Reader and Acrobat Input Validation Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.
Added to KEV Mar 3, 2022 · Adobe Acrobat and Reader
CVE-2017-0222Plan to patch
Microsoft Internet Explorer Remote Code Execution Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
Added to KEV Feb 25, 2022 · Microsoft Internet Explorer
CVE-2022-0609Plan to patch
Google Chromium Animation Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Feb 15, 2022 · Google Chromium Animation
CVE-2018-8174Known ransomware usePatch now
Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"
Added to KEV Feb 15, 2022 · Microsoft Windows
CVE-2018-15982Known ransomware usePatch now
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability
Added to KEV Feb 15, 2022 · Adobe Flash Player
CVE-2014-1761Plan to patch
Microsoft Word Memory Corruption Vulnerability
Affects anyone running Microsoft Word. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution.
Added to KEV Feb 15, 2022 · Microsoft Word
CVE-2013-3906Plan to patch
Microsoft Graphics Component Memory Corruption Vulnerability
Affects anyone running Microsoft Graphics Component. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution.
Added to KEV Feb 15, 2022 · Microsoft Graphics Component
CVE-2022-22620Plan to patch
Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Feb 11, 2022 · Apple iOS, iPadOS, and macOS
CVE-2015-1635Patch this week
Microsoft HTTP.sys Remote Code Execution Vulnerability
Affects anyone running Microsoft HTTP.sys. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.
Added to KEV Feb 10, 2022 · Microsoft HTTP.sys
CVE-2017-0263Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory.
Added to KEV Feb 10, 2022 · Microsoft Win32k
CVE-2014-4404Plan to patch
Apple OS X Heap-Based Buffer Overflow Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context.
Added to KEV Feb 10, 2022 · Apple OS X
CVE-2022-21882Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Feb 4, 2022 · Microsoft Win32k
CVE-2022-22587Patch this week
Apple Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges.
Added to KEV Jan 28, 2022 · Apple iOS and macOS
CVE-2021-20038Known ransomware usePatch now
SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.
Added to KEV Jan 28, 2022 · SonicWall SMA 100 Appliances
CVE-2014-1776Patch this week
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user.
Added to KEV Jan 28, 2022 · Microsoft Internet Explorer
CVE-2020-6572Plan to patch
Google Chrome Media Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.
Added to KEV Jan 10, 2022 · Google Chrome Media
CVE-2018-13383Known ransomware usePatch now
Fortinet FortiOS and FortiProxy Out-of-bounds Write
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.
Added to KEV Jan 10, 2022 · Fortinet FortiOS and FortiProxy
CVE-2021-4102Plan to patch
Google Chromium V8 Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Dec 15, 2021 · Google Chromium V8
CVE-2021-40449Known ransomware usePatch now
Microsoft Windows Win32k Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Unspecified vulnerability allows for an authenticated user to escalate privileges.
Added to KEV Nov 17, 2021 · Microsoft Windows
CVE-2021-21017Plan to patch
Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Adobe Acrobat and Reader
CVE-2021-28550Plan to patch
Adobe Acrobat and Reader Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Adobe Acrobat and Reader
CVE-2018-4878Known ransomware usePatch now
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.
Added to KEV Nov 3, 2021 · Adobe Flash Player
CVE-2021-30858Plan to patch
Apple iOS, iPadOS, macOS Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple iOS, iPadOS, and macOS
CVE-2020-27930Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted front.
Added to KEV Nov 3, 2021 · Apple Multiple Products
CVE-2021-30807Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.
Added to KEV Nov 3, 2021 · Apple Multiple Products
CVE-2020-9818Plan to patch
Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message.
Added to KEV Nov 3, 2021 · Apple iOS, iPadOS, and watchOS
CVE-2020-9819Monitor
Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message.
Added to KEV Nov 3, 2021 · Apple iOS, iPadOS, and watchOS
CVE-2021-30762Plan to patch
Apple iOS WebKit Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple iOS
CVE-2021-30661Plan to patch
Apple Multiple Products WebKit Storage Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple Multiple Products
CVE-2021-30665Plan to patch
Apple Multiple Products WebKit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple Multiple Products
CVE-2021-30761Plan to patch
Apple iOS WebKit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple iOS
CVE-2021-1497Patch this week
Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user.
Added to KEV Nov 3, 2021 · Cisco HyperFlex HX
CVE-2021-1498Patch this week
Cisco HyperFlex HX Data Platform Command Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.
Added to KEV Nov 3, 2021 · Cisco HyperFlex HX
CVE-2020-16010Patch this week
Google Chrome for Android UI Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.
Added to KEV Nov 3, 2021 · Google Chrome for Android UI
CVE-2020-15999Patch this week
Google Chrome FreeType Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.
Added to KEV Nov 3, 2021 · Google Chrome FreeType
CVE-2020-16017Patch this week
Google Chrome Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.
Added to KEV Nov 3, 2021 · Google Chrome
CVE-2020-16009Plan to patch
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2021-30632Plan to patch
Google Chromium V8 Out-of-Bounds Write Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2020-16013Plan to patch
Google Chromium V8 Incorrect Implementation Vulnerabililty
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2021-30633Patch this week
Google Chromium Indexed DB API Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium Indexed DB API
CVE-2021-21148Plan to patch
Google Chromium V8 Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2021-37973Patch this week
Google Chromium Portals Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.
Added to KEV Nov 3, 2021 · Google Chromium Portals
CVE-2021-37975Plan to patch
Google Chromium V8 Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2021-30554Plan to patch
Google Chromium WebGL Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium WebGL
CVE-2021-21206Plan to patch
Google Chromium Blink Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium Blink
CVE-2021-21193Plan to patch
Google Chromium Blink Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium Blink
CVE-2021-21220Plan to patch
Google Chromium V8 Improper Input Validation Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2020-0878Known ransomware usePatch now
Microsoft Edge and Internet Explorer Memory Corruption Vulnerability
Affects anyone using Microsoft Edge as their browser. The browser is the entry point for cloud apps (accounting SaaS, client portals, banking) — exploitation can lead to session theft or stored-credential exposure for everything you log into through it.
Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Edge and Internet Explorer
CVE-2021-33742Plan to patch
Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2020-0938Plan to patch
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2020-0986Plan to patch
Microsoft Windows Kernel Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2020-1020Plan to patch
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2019-0708Known ransomware usePatch now
Microsoft Remote Desktop Services Remote Code Execution Vulnerability
Affects anyone running Microsoft Remote Desktop Services. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.
Added to KEV Nov 3, 2021 · Microsoft Remote Desktop Services
CVE-2021-1732Known ransomware usePatch now
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Win32k
CVE-2021-28310Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Win32k
CVE-2021-26411Known ransomware usePatch now
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2017-8759Plan to patch
Microsoft .NET Framework Remote Code Execution Vulnerability
Affects anyone running Microsoft .NET Framework. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.
Added to KEV Nov 3, 2021 · Microsoft .NET Framework
CVE-2018-8653Plan to patch
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2018-0798Plan to patch
Microsoft Office Memory Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0802.
Added to KEV Nov 3, 2021 · Microsoft Office
CVE-2018-0802Plan to patch
Microsoft Office Memory Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0798.
Added to KEV Nov 3, 2021 · Microsoft Office
CVE-2012-0158Plan to patch
Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability
Affects anyone running Microsoft MSCOMCTL.OCX. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft MSCOMCTL.OCX
CVE-2015-1641Plan to patch
Microsoft Office Memory Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Office
CVE-2019-0541Plan to patch
Microsoft MSHTML Remote Code Execution Vulnerability
Affects anyone running Microsoft MSHTML. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability.
Added to KEV Nov 3, 2021 · Microsoft MSHTML
CVE-2020-0674Plan to patch
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2019-1367Known ransomware usePatch now
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2020-1380Plan to patch
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2019-1429Plan to patch
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2020-0968Plan to patch
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2020-1054Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.
Added to KEV Nov 3, 2021 · Microsoft Win32k
CVE-2021-34448Monitor
Microsoft Windows Scripting Engine Memory Corruption Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2021-22893Known ransomware usePatch now
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2020-8243Patch this week
Ivanti Pulse Connect Secure Code Execution Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2021-22900Patch this week
Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2021-22894Patch this week
Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2021-22899Patch this week
Ivanti Pulse Connect Secure Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2019-11539Known ransomware usePatch now
Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure and Pulse Policy Secure
CVE-2018-0171Patch this week
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device.
Added to KEV Nov 3, 2021 · Cisco IOS and IOS XE
CVE-2020-3118Patch this week
Cisco IOS XR Software Discovery Protocol Format String Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.
Added to KEV Nov 3, 2021 · Cisco IOS XR

KEV topic

Remote code execution KEV entries

Updated 17 hours ago. 251 entries in this topic. All SMB-relevant entries.

CVE-2026-10520Patch this week
Ivanti Sentry OS Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Sentry (formerly known as MobileIron Sentry) contains an OS command injection vulnerability which could allow a remote unauthenticated user to achieve root-level remote code execution. This vulnerability can be successfully exploited in cases where the Sentry appliance is in an unmanaged state with its endpoints externally reachable. The use of mTLS with EPMM or restricted HTTPS access through Neurons for MDM makes interfaces inaccessible to external actors.
Added to KEV Jun 11, 2026 · Ivanti Sentry
CVE-2026-11645Plan to patch
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 out-of-bounds read and write vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 9, 2026 · Google Chromium V8
CVE-2008-4250Patch this week
Microsoft Windows Buffer Overflow Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization.
Added to KEV May 20, 2026 · Microsoft Windows
CVE-2010-0249Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added to KEV May 20, 2026 · Microsoft Internet Explorer
CVE-2010-0806Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added to KEV May 20, 2026 · Microsoft Internet Explorer
CVE-2026-0300Patch this week
Palo Alto Networks PAN-OS Out-of-bounds Write Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets.
Added to KEV May 6, 2026 · Palo Alto Networks PAN-OS
CVE-2009-0238Plan to patch
Microsoft Office Remote Code Execution
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object.
Added to KEV Apr 14, 2026 · Microsoft Office
CVE-2020-9715Plan to patch
Adobe Acrobat Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat contains a use-after-free vulnerability that allows for code execution
Added to KEV Apr 13, 2026 · Adobe Acrobat
CVE-2026-1340Patch this week
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
Added to KEV Apr 8, 2026 · Ivanti Endpoint Manager Mobile (EPMM)
CVE-2026-5281Plan to patch
Google Dawn Use-After-Free Vulnerability
Affects anyone running Google Dawn. Google products typically sit at the identity or browsing layer — exploitation usually affects access to cloud services and stored sessions.
Google Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Apr 1, 2026 · Google Dawn
CVE-2026-3910Plan to patch
Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Mar 13, 2026 · Google Chromium V8
CVE-2026-3909Plan to patch
Google Skia Out-of-Bounds Write Vulnerability
Affects anyone running Google Skia. Google products typically sit at the identity or browsing layer — exploitation usually affects access to cloud services and stored sessions.
Google Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.
Added to KEV Mar 13, 2026 · Google Skia
CVE-2023-43000Plan to patch
Apple Multiple products Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption.
Added to KEV Mar 5, 2026 · Apple Multiple Products
CVE-2023-41974Plan to patch
Apple iOS and iPadOS Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges.
Added to KEV Mar 5, 2026 · Apple iOS and iPadOS
CVE-2026-2441Plan to patch
Google Chromium CSS Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Feb 17, 2026 · Google Chromium
CVE-2026-1281Patch this week
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution.
Added to KEV Jan 29, 2026 · Ivanti Endpoint Manager Mobile (EPMM)
CVE-2026-20045Patch this week
Cisco Unified Communications Products Code Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance contain a code injection vulnerability that could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root.
Added to KEV Jan 21, 2026 · Cisco Unified Communications Manager
CVE-2009-0556Plan to patch
Microsoft Office PowerPoint Code Injection Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption.
Added to KEV Jan 7, 2026 · Microsoft Office
CVE-2025-43529Plan to patch
Apple Multiple Products Use-After-Free WebKit Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Dec 15, 2025 · Apple Multiple Products
CVE-2025-14174Plan to patch
Google Chromium Out of Bounds Memory Access Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Dec 12, 2025 · Google Chromium
CVE-2025-62221Plan to patch
Microsoft Windows Use After Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally.
Added to KEV Dec 9, 2025 · Microsoft Windows
CVE-2025-58034Patch this week
Fortinet FortiWeb OS Command Injection Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands.
Added to KEV Nov 18, 2025 · Fortinet FortiWeb
CVE-2010-3962Plan to patch
Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added to KEV Oct 6, 2025 · Microsoft Internet Explorer
CVE-2013-3918Plan to patch
Microsoft Windows Out-of-Bounds Write Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added to KEV Oct 6, 2025 · Microsoft Windows
CVE-2025-43300Patch this week
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework.
Added to KEV Aug 21, 2025 · Apple iOS, iPadOS, and macOS
CVE-2013-3893Plan to patch
Microsoft Internet Explorer Resource Management Errors Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.
Added to KEV Aug 12, 2025 · Microsoft Internet Explorer
CVE-2025-49704Known ransomware usePatch now
Microsoft SharePoint Code Injection Vulnerability
Affects anyone running Microsoft SharePoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704.
Added to KEV Jul 22, 2025 · Microsoft SharePoint
CVE-2025-5419Plan to patch
Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 5, 2025 · Google Chromium V8
CVE-2025-4428Patch this week
Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library, as represented by CVE-2025-35036.
Added to KEV May 19, 2025 · Ivanti Endpoint Manager Mobile (EPMM)
CVE-2025-32756Patch this week
Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests.
Added to KEV May 14, 2025 · Fortinet Multiple Products
CVE-2025-32709Plan to patch
Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator.
Added to KEV May 13, 2025 · Microsoft Windows
CVE-2025-32701Plan to patch
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
Added to KEV May 13, 2025 · Microsoft Windows
CVE-2025-30400Plan to patch
Microsoft Windows DWM Core Library Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
Added to KEV May 13, 2025 · Microsoft Windows
CVE-2023-44221Patch this week
SonicWall SMA100 Appliances OS Command Injection Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user.
Added to KEV May 1, 2025 · SonicWall SMA100 Appliances
CVE-2021-20035Plan to patch
SonicWall SMA100 Appliances OS Command Injection Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution.
Added to KEV Apr 16, 2025 · SonicWall SMA100 Appliances
CVE-2025-29824Known ransomware usePatch now
Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
Added to KEV Apr 8, 2025 · Microsoft Windows
CVE-2025-22457Known ransomware usePatch now
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contains a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution.
Added to KEV Apr 4, 2025 · Ivanti Connect Secure, Policy Secure, and ZTA Gateways
CVE-2025-24201Patch this week
Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Mar 13, 2025 · Apple Multiple Products
CVE-2025-24983Plan to patch
Microsoft Windows Win32k Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally.
Added to KEV Mar 11, 2025 · Microsoft Windows
CVE-2023-20118Plan to patch
Cisco Small Business RV Series Routers Command Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain root-level privileges and access unauthorized data.
Added to KEV Mar 3, 2025 · Cisco Small Business RV Series Routers
CVE-2025-24085Patch this week
Apple Multiple Products Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, macOS, and other Apple products contain a user-after-free vulnerability that could allow a malicious application to elevate privileges.
Added to KEV Jan 29, 2025 · Apple Multiple Products
CVE-2025-21335Plan to patch
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.
Added to KEV Jan 14, 2025 · Microsoft Windows
CVE-2025-21334Plan to patch
Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.
Added to KEV Jan 14, 2025 · Microsoft Windows
CVE-2025-0282Known ransomware usePatch now
Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.
Added to KEV Jan 8, 2025 · Ivanti Connect Secure, Policy Secure, and ZTA Gateways
CVE-2024-9474Known ransomware usePatch now
Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators.
Added to KEV Nov 18, 2024 · Palo Alto Networks PAN-OS
CVE-2024-9463Patch this week
Palo Alto Networks Expedition OS Command Injection Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls.
Added to KEV Nov 14, 2024 · Palo Alto Networks Expedition
CVE-2024-9380Patch this week
Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Added to KEV Oct 9, 2024 · Ivanti Cloud Services Appliance (CSA)
CVE-2024-8190Patch this week
Ivanti Cloud Services Appliance OS Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Added to KEV Sep 13, 2024 · Ivanti Cloud Services Appliance
CVE-2024-7965Plan to patch
Google Chromium V8 Inappropriate Implementation Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Aug 28, 2024 · Google Chromium V8
CVE-2024-38107Plan to patch
Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges.
Added to KEV Aug 13, 2024 · Microsoft Windows
CVE-2024-38193Plan to patch
Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.
Added to KEV Aug 13, 2024 · Microsoft Windows
CVE-2012-4792Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object.
Added to KEV Jul 23, 2024 · Microsoft Internet Explorer
CVE-2024-20399Plan to patch
Cisco NX-OS Command Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device.
Added to KEV Jul 2, 2024 · Cisco NX-OS
CVE-2024-4761Plan to patch
Google Chromium V8 Out-of-Bounds Memory Write Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV May 16, 2024 · Google Chromium V8
CVE-2024-30051Known ransomware usePatch now
Microsoft DWM Core Library Privilege Escalation Vulnerability
Affects anyone running Microsoft DWM Core Library. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.
Added to KEV May 14, 2024 · Microsoft DWM Core Library
CVE-2024-4671Patch this week
Google Chromium Visuals Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV May 13, 2024 · Google Chromium
CVE-2024-20359Plan to patch
Cisco ASA and FTD Privilege Escalation Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root.
Added to KEV Apr 24, 2024 · Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
CVE-2024-3400Known ransomware usePatch now
Palo Alto Networks PAN-OS Command Injection Vulnerability
Affects anyone behind a Palo Alto firewall or using GlobalProtect VPN. The firewall is the network edge; the VPN is how remote workers reach inside the perimeter — exploitation puts an attacker on the internal network without touching a workstation.
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall.
Added to KEV Apr 12, 2024 · Palo Alto Networks PAN-OS
CVE-2023-24955Known ransomware usePatch now
Microsoft SharePoint Server Code Injection Vulnerability
Affects anyone running Microsoft SharePoint Server. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.
Added to KEV Mar 26, 2024 · Microsoft SharePoint Server
CVE-2021-44529Known ransomware usePatch now
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).
Added to KEV Mar 25, 2024 · Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA)
CVE-2024-23225Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
Added to KEV Mar 6, 2024 · Apple Multiple Products
CVE-2024-23296Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections.
Added to KEV Mar 6, 2024 · Apple Multiple Products
CVE-2024-21351Plan to patch
Microsoft Windows SmartScreen Security Feature Bypass Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.
Added to KEV Feb 13, 2024 · Microsoft Windows
CVE-2024-21762Known ransomware usePatch now
Fortinet FortiOS Out-of-Bound Write Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.
Added to KEV Feb 9, 2024 · Fortinet FortiOS
CVE-2024-0519Plan to patch
Google Chromium V8 Out-of-Bounds Memory Access Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jan 17, 2024 · Google Chromium V8
CVE-2024-21887Known ransomware usePatch now
Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authenticated bypass issue.
Added to KEV Jan 10, 2024 · Ivanti Connect Secure and Policy Secure
CVE-2023-7024Plan to patch
Google Chromium WebRTC Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.
Added to KEV Jan 2, 2024 · Google Chromium WebRTC
CVE-2023-42917Plan to patch
Apple Multiple Products WebKit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Dec 4, 2023 · Apple Multiple Products
CVE-2023-36036Plan to patch
Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.
Added to KEV Nov 14, 2023 · Microsoft Windows
CVE-2023-20273Patch this week
Cisco IOS XE Web UI Command Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.
Added to KEV Oct 23, 2023 · Cisco IOS XE Web UI
CVE-2023-21608Plan to patch
Adobe Acrobat and Reader Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user.
Added to KEV Oct 10, 2023 · Adobe Acrobat and Reader
CVE-2023-20109Plan to patch
Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute malicious code or cause a device to crash.
Added to KEV Oct 10, 2023 · Cisco IOS and IOS XE
CVE-2023-5217Plan to patch
Google Chromium libvpx Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.
Added to KEV Oct 2, 2023 · Google Chromium libvpx
CVE-2023-26369Plan to patch
Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution.
Added to KEV Sep 14, 2023 · Adobe Acrobat and Reader
CVE-2023-4863Plan to patch
Google Chromium WebP Heap-Based Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.
Added to KEV Sep 13, 2023 · Google Chromium WebP
CVE-2023-36802Plan to patch
Microsoft Streaming Service Proxy Privilege Escalation Vulnerability
Affects anyone running Microsoft Streaming Service Proxy. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Sep 12, 2023 · Microsoft Streaming Service Proxy
CVE-2023-32435Plan to patch
Apple Multiple Products WebKit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Jun 23, 2023 · Apple Multiple Products
CVE-2023-27997Known ransomware usePatch now
Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.
Added to KEV Jun 13, 2023 · Fortinet FortiOS and FortiProxy SSL-VPN
CVE-2023-32373Plan to patch
Apple Multiple Products WebKit Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV May 22, 2023 · Apple Multiple Products
CVE-2023-29336Plan to patch
Microsoft Win32K Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges.
Added to KEV May 9, 2023 · Microsoft Win32k
CVE-2019-8526Plan to patch
Apple macOS Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation.
Added to KEV Apr 17, 2023 · Apple macOS
CVE-2023-28252Known ransomware usePatch now
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Apr 11, 2023 · Microsoft Windows
CVE-2023-28205Plan to patch
Apple Multiple Products WebKit Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Apr 10, 2023 · Apple Multiple Products
CVE-2023-28206Plan to patch
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.
Added to KEV Apr 10, 2023 · Apple iOS, iPadOS, and macOS
CVE-2013-3163Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.
Added to KEV Mar 30, 2023 · Microsoft Internet Explorer
CVE-2021-30900Plan to patch
Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.
Added to KEV Mar 30, 2023 · Apple iOS, iPadOS, and macOS
CVE-2022-3038Plan to patch
Google Chromium Network Service Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Mar 30, 2023 · Google Chromium Network Service
CVE-2023-23376Known ransomware usePatch now
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Feb 14, 2023 · Microsoft Windows
CVE-2023-21674Plan to patch
Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Jan 10, 2023 · Microsoft Windows
CVE-2022-42475Known ransomware usePatch now
Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.
Added to KEV Dec 13, 2022 · Fortinet FortiOS
CVE-2022-4135Patch this week
Google Chromium GPU Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 28, 2022 · Google Chromium GPU
CVE-2022-41073Known ransomware usePatch now
Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
Added to KEV Nov 8, 2022 · Microsoft Windows
CVE-2022-41125Plan to patch
Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.
Added to KEV Nov 8, 2022 · Microsoft Windows
CVE-2022-41128Plan to patch
Microsoft Windows Scripting Languages Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution.
Added to KEV Nov 8, 2022 · Microsoft Windows
CVE-2022-42827Plan to patch
Apple iOS and iPadOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges.
Added to KEV Oct 25, 2022 · Apple iOS and iPadOS
CVE-2022-37969Plan to patch
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Sep 14, 2022 · Microsoft Windows
CVE-2022-32917Plan to patch
Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges.
Added to KEV Sep 14, 2022 · Apple iOS, iPadOS, and macOS
CVE-2022-32894Plan to patch
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges.
Added to KEV Aug 18, 2022 · Apple iOS and macOS
CVE-2022-32893Plan to patch
Apple iOS and macOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content.
Added to KEV Aug 18, 2022 · Apple iOS and macOS
CVE-2020-3837Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
Added to KEV Jun 27, 2022 · Apple Multiple Products
CVE-2020-9907Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
Added to KEV Jun 27, 2022 · Apple Multiple Products
CVE-2019-8605Plan to patch
Apple Multiple Products Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges.
Added to KEV Jun 27, 2022 · Apple Multiple Products
CVE-2019-5825Monitor
Google Chromium V8 Out-of-Bounds Write Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 8, 2022 · Google Chromium V8
CVE-2018-17480Plan to patch
Google Chromium V8 Out-of-Bounds Write Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 8, 2022 · Google Chromium V8
CVE-2016-5198Plan to patch
Google Chromium V8 Out-of-Bounds Memory Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Jun 8, 2022 · Google Chromium V8
CVE-2012-4969Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.
Added to KEV Jun 8, 2022 · Microsoft Internet Explorer
CVE-2012-1889Plan to patch
Microsoft XML Core Services Memory Corruption Vulnerability
Affects anyone running Microsoft XML Core Services. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.
Added to KEV Jun 8, 2022 · Microsoft XML Core Services
CVE-2012-0754Plan to patch
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2011-2462Patch this week
Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Reader and Acrobat
CVE-2010-2883Plan to patch
Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2010-1297Plan to patch
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Flash Player
CVE-2009-4324Plan to patch
Adobe Acrobat and Reader Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2009-1862Plan to patch
Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader, Flash Player
CVE-2009-0563Plan to patch
Microsoft Office Buffer Overflow Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field.
Added to KEV Jun 8, 2022 · Microsoft Office
CVE-2009-0557Plan to patch
Microsoft Office Object Record Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object.
Added to KEV Jun 8, 2022 · Microsoft Office
CVE-2009-3953Plan to patch
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.
Added to KEV Jun 8, 2022 · Adobe Acrobat and Reader
CVE-2016-0984Plan to patch
Adobe Flash Player and AIR Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player and AIR. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code.
Added to KEV May 25, 2022 · Adobe Flash Player and AIR
CVE-2015-2360Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service (DoS).
Added to KEV May 25, 2022 · Microsoft Win32k
CVE-2015-2425Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Added to KEV May 25, 2022 · Microsoft Internet Explorer
CVE-2014-4148Plan to patch
Microsoft Windows Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts.
Added to KEV May 25, 2022 · Microsoft Windows
CVE-2014-8439Plan to patch
Adobe Flash Player Dereferenced Pointer Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution.
Added to KEV May 25, 2022 · Adobe Flash Player
CVE-2017-0149Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website.
Added to KEV May 24, 2022 · Microsoft Internet Explorer
CVE-2016-4656Plan to patch
Apple iOS Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service (DoS) via a crafted application.
Added to KEV May 24, 2022 · Apple iOS
CVE-2016-4657Plan to patch
Apple iOS Webkit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV May 24, 2022 · Apple iOS
CVE-2016-6367Patch this week
Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or potentially execute code.
Added to KEV May 24, 2022 · Cisco Adaptive Security Appliance (ASA)
CVE-2019-7286Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation.
Added to KEV May 23, 2022 · Apple Multiple Products
CVE-2021-30883Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution.
Added to KEV May 23, 2022 · Apple Multiple Products
CVE-2020-1027Plan to patch
Microsoft Windows Kernel Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.
Added to KEV May 23, 2022 · Microsoft Windows
CVE-2019-7287Plan to patch
Apple iOS Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution.
Added to KEV May 23, 2022 · Apple iOS
CVE-2019-5786Monitor
Google Chrome Blink Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page.
Added to KEV May 23, 2022 · Google Chrome Blink
CVE-2019-13720Plan to patch
Google Chrome WebAudio Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Added to KEV May 23, 2022 · Google Chrome WebAudio
CVE-2018-5002Plan to patch
Adobe Flash Player Stack-based Buffer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player have a stack-based buffer overflow vulnerability that could lead to remote code execution.
Added to KEV May 23, 2022 · Adobe Flash Player
CVE-2014-0322Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code.
Added to KEV May 4, 2022 · Microsoft Internet Explorer
CVE-2010-5330Patch this week
Ubiquiti AirOS Command Injection Vulnerability
Affects anyone running Ubiquiti UniFi networking gear (access points, switches, security gateways, NVRs). The gear carries internal network traffic and often hosts video surveillance — exploitation can expose network traffic or grant management access to the network itself.
Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.
Added to KEV Apr 15, 2022 · Ubiquiti AirOS
CVE-2022-24521Known ransomware usePatch now
Microsoft Windows CLFS Driver Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Apr 13, 2022 · Microsoft Windows
CVE-2015-5123Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-5122Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-0313Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-3113Patch this week
Adobe Flash Player Heap-Based Buffer Overflow Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.
Added to KEV Apr 13, 2022 · Adobe Flash Player
CVE-2015-2502Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).
Added to KEV Apr 13, 2022 · Microsoft Internet Explorer
CVE-2021-39793Plan to patch
Google Pixel Out-of-Bounds Write Vulnerability
Affects anyone running Google Pixel. Google products typically sit at the identity or browsing layer — exploitation usually affects access to cloud services and stored sessions.
Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.
Added to KEV Apr 11, 2022 · Google Pixel
CVE-2021-31166Patch this week
Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability
Affects anyone running Microsoft HTTP Protocol Stack. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
Added to KEV Apr 6, 2022 · Microsoft HTTP Protocol Stack
CVE-2022-22675Plan to patch
Apple macOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.
Added to KEV Apr 4, 2022 · Apple macOS
CVE-2021-34486Plan to patch
Microsoft Windows Event Tracing Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.
Added to KEV Mar 28, 2022 · Microsoft Windows
CVE-2016-7200Plan to patch
Microsoft Edge Memory Corruption Vulnerability
Affects anyone using Microsoft Edge as their browser. The browser is the entry point for cloud apps (accounting SaaS, client portals, banking) — exploitation can lead to session theft or stored-credential exposure for everything you log into through it.
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Added to KEV Mar 28, 2022 · Microsoft Edge
CVE-2016-0189Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Added to KEV Mar 28, 2022 · Microsoft Internet Explorer
CVE-2015-2419Plan to patch
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Added to KEV Mar 28, 2022 · Microsoft Internet Explorer
CVE-2013-2551Known ransomware usePatch now
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.
Added to KEV Mar 28, 2022 · Microsoft Internet Explorer
CVE-2012-2539Plan to patch
Microsoft Word Remote Code Execution Vulnerability
Affects anyone running Microsoft Word. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.
Added to KEV Mar 28, 2022 · Microsoft Word
CVE-2010-4398Plan to patch
Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.
Added to KEV Mar 28, 2022 · Microsoft Windows
CVE-2018-8373Plan to patch
Microsoft Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer Scripting Engine. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
Added to KEV Mar 25, 2022 · Microsoft Internet Explorer Scripting Engine
CVE-2016-7892Plan to patch
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.
Added to KEV Mar 25, 2022 · Adobe Flash Player
CVE-2022-20708Patch this week
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Added to KEV Mar 3, 2022 · Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
CVE-2022-20701Patch this week
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Added to KEV Mar 3, 2022 · Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
CVE-2022-20700Patch this week
Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS).
Added to KEV Mar 3, 2022 · Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers
CVE-2019-1652Patch this week
Cisco Small Business Routers Improper Input Validation Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands.
Added to KEV Mar 3, 2022 · Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers
CVE-2018-0172Patch this week
Cisco IOS and IOS XE Software Improper Input Validation Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS).
Added to KEV Mar 3, 2022 · Cisco IOS and IOS XE Software
CVE-2016-7855Plan to patch
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2017-8540Plan to patch
Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability
Affects anyone running Microsoft Malware Protection Engine. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".
Added to KEV Mar 3, 2022 · Microsoft Malware Protection Engine
CVE-2017-0261Plan to patch
Microsoft Office Use-After-Free Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution.
Added to KEV Mar 3, 2022 · Microsoft Office
CVE-2015-5119Patch this week
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2015-3043Patch this week
Adobe Flash Player Memory Corruption Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2015-2424Plan to patch
Microsoft PowerPoint Memory Corruption Vulnerability
Affects anyone running Microsoft PowerPoint. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.
Added to KEV Mar 3, 2022 · Microsoft PowerPoint
CVE-2015-2387Plan to patch
Microsoft ATM Font Driver Privilege Escalation Vulnerability
Affects anyone running Microsoft ATM Font Driver. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.
Added to KEV Mar 3, 2022 · Microsoft ATM Font Driver
CVE-2015-1642Plan to patch
Microsoft Office Memory Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.
Added to KEV Mar 3, 2022 · Microsoft Office
CVE-2014-0496Plan to patch
Adobe Reader and Acrobat Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2013-3897Plan to patch
Microsoft Internet Explorer Use-After-Free Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code.
Added to KEV Mar 3, 2022 · Microsoft Internet Explorer
CVE-2013-3346Patch this week
Adobe Reader and Acrobat Memory Corruption Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2013-1347Plan to patch
Microsoft Internet Explorer Remote Code Execution Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.
Added to KEV Mar 3, 2022 · Microsoft Internet Explorer
CVE-2013-0640Plan to patch
Adobe Reader and Acrobat Memory Corruption Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Adobe Reader and Acrobat
CVE-2012-1535Plan to patch
Adobe Flash Player Arbitrary Code Execution Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.
Added to KEV Mar 3, 2022 · Adobe Flash Player
CVE-2010-3333Plan to patch
Microsoft Office Stack-based Buffer Overflow Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.
Added to KEV Mar 3, 2022 · Microsoft Office
CVE-2009-3129Plan to patch
Microsoft Excel Featheader Record Memory Corruption Vulnerability
Affects anyone running Microsoft Excel. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset.
Added to KEV Mar 3, 2022 · Microsoft Excel
CVE-2008-2992Known ransomware usePatch now
Adobe Reader and Acrobat Input Validation Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.
Added to KEV Mar 3, 2022 · Adobe Acrobat and Reader
CVE-2017-0222Plan to patch
Microsoft Internet Explorer Remote Code Execution Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.
Added to KEV Feb 25, 2022 · Microsoft Internet Explorer
CVE-2022-0609Plan to patch
Google Chromium Animation Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Feb 15, 2022 · Google Chromium Animation
CVE-2018-8174Known ransomware usePatch now
Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution"
Added to KEV Feb 15, 2022 · Microsoft Windows
CVE-2018-15982Known ransomware usePatch now
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability
Added to KEV Feb 15, 2022 · Adobe Flash Player
CVE-2014-1761Plan to patch
Microsoft Word Memory Corruption Vulnerability
Affects anyone running Microsoft Word. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution.
Added to KEV Feb 15, 2022 · Microsoft Word
CVE-2013-3906Plan to patch
Microsoft Graphics Component Memory Corruption Vulnerability
Affects anyone running Microsoft Graphics Component. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution.
Added to KEV Feb 15, 2022 · Microsoft Graphics Component
CVE-2022-22620Plan to patch
Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Feb 11, 2022 · Apple iOS, iPadOS, and macOS
CVE-2015-1635Patch this week
Microsoft HTTP.sys Remote Code Execution Vulnerability
Affects anyone running Microsoft HTTP.sys. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.
Added to KEV Feb 10, 2022 · Microsoft HTTP.sys
CVE-2017-0263Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory.
Added to KEV Feb 10, 2022 · Microsoft Win32k
CVE-2014-4404Plan to patch
Apple OS X Heap-Based Buffer Overflow Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context.
Added to KEV Feb 10, 2022 · Apple OS X
CVE-2022-21882Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Feb 4, 2022 · Microsoft Win32k
CVE-2022-22587Patch this week
Apple Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges.
Added to KEV Jan 28, 2022 · Apple iOS and macOS
CVE-2021-20038Known ransomware usePatch now
SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability
Affects anyone whose network is fronted by a SonicWall firewall or SSL VPN. The device sits at the edge between your office and the internet and authenticates remote workers — exploitation typically means an attacker reaches inside without needing a user credential.
SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.
Added to KEV Jan 28, 2022 · SonicWall SMA 100 Appliances
CVE-2014-1776Patch this week
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user.
Added to KEV Jan 28, 2022 · Microsoft Internet Explorer
CVE-2020-6572Plan to patch
Google Chrome Media Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.
Added to KEV Jan 10, 2022 · Google Chrome Media
CVE-2018-13383Known ransomware usePatch now
Fortinet FortiOS and FortiProxy Out-of-bounds Write
Affects anyone whose internet connection goes through a Fortinet appliance — typically a FortiGate firewall or FortiClient VPN. The firewall sits between every device in the office and the internet; exploitation can mean an attacker gets inside the network perimeter without touching a workstation.
A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users.
Added to KEV Jan 10, 2022 · Fortinet FortiOS and FortiProxy
CVE-2021-4102Plan to patch
Google Chromium V8 Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Dec 15, 2021 · Google Chromium V8
CVE-2021-40449Known ransomware usePatch now
Microsoft Windows Win32k Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Unspecified vulnerability allows for an authenticated user to escalate privileges.
Added to KEV Nov 17, 2021 · Microsoft Windows
CVE-2021-21017Plan to patch
Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Adobe Acrobat and Reader
CVE-2021-28550Plan to patch
Adobe Acrobat and Reader Use-After-Free Vulnerability
Affects anyone opening, editing, or signing PDFs in Adobe Acrobat or Reader. For a CPA or legal practice, PDFs are typically client tax returns, engagement letters, signed agreements, and discovery documents — opening a malicious PDF runs attacker code in the user's session, which can pivot to file shares or email.
Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Adobe Acrobat and Reader
CVE-2018-4878Known ransomware usePatch now
Adobe Flash Player Use-After-Free Vulnerability
Affects anyone running Adobe Flash Player. If it's part of your document workflow, exploitation can lead to code execution when a user opens an attacker-controlled file.
Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.
Added to KEV Nov 3, 2021 · Adobe Flash Player
CVE-2021-30858Plan to patch
Apple iOS, iPadOS, macOS Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple iOS, iPadOS, and macOS
CVE-2020-27930Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing maliciously crafted front.
Added to KEV Nov 3, 2021 · Apple Multiple Products
CVE-2021-30807Plan to patch
Apple Multiple Products Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.
Added to KEV Nov 3, 2021 · Apple Multiple Products
CVE-2020-9818Plan to patch
Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message.
Added to KEV Nov 3, 2021 · Apple iOS, iPadOS, and watchOS
CVE-2020-9819Monitor
Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message.
Added to KEV Nov 3, 2021 · Apple iOS, iPadOS, and watchOS
CVE-2021-30762Plan to patch
Apple iOS WebKit Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple iOS
CVE-2021-30661Plan to patch
Apple Multiple Products WebKit Storage Use-After-Free Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple Multiple Products
CVE-2021-30665Plan to patch
Apple Multiple Products WebKit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple Multiple Products
CVE-2021-30761Plan to patch
Apple iOS WebKit Memory Corruption Vulnerability
Affects anyone running Macs, iPhones, or iPads in the office. For a small practice, Apple endpoints are typically how staff handle email, browse client portals, and store local case files — exploitation gives an attacker access to that data on the device.
Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Added to KEV Nov 3, 2021 · Apple iOS
CVE-2021-1497Patch this week
Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user.
Added to KEV Nov 3, 2021 · Cisco HyperFlex HX
CVE-2021-1498Patch this week
Cisco HyperFlex HX Data Platform Command Injection Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user.
Added to KEV Nov 3, 2021 · Cisco HyperFlex HX
CVE-2020-16010Patch this week
Google Chrome for Android UI Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.
Added to KEV Nov 3, 2021 · Google Chrome for Android UI
CVE-2020-15999Patch this week
Google Chrome FreeType Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.
Added to KEV Nov 3, 2021 · Google Chrome FreeType
CVE-2020-16017Patch this week
Google Chrome Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.
Added to KEV Nov 3, 2021 · Google Chrome
CVE-2020-16009Plan to patch
Google Chromium V8 Type Confusion Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2021-30632Plan to patch
Google Chromium V8 Out-of-Bounds Write Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2020-16013Plan to patch
Google Chromium V8 Incorrect Implementation Vulnerabililty
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2021-30633Patch this week
Google Chromium Indexed DB API Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium Indexed DB API
CVE-2021-21148Plan to patch
Google Chromium V8 Heap Buffer Overflow Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2021-37973Patch this week
Google Chromium Portals Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.
Added to KEV Nov 3, 2021 · Google Chromium Portals
CVE-2021-37975Plan to patch
Google Chromium V8 Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2021-30554Plan to patch
Google Chromium WebGL Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium WebGL
CVE-2021-21206Plan to patch
Google Chromium Blink Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium Blink
CVE-2021-21193Plan to patch
Google Chromium Blink Use-After-Free Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium Blink
CVE-2021-21220Plan to patch
Google Chromium V8 Improper Input Validation Vulnerability
Affects anyone using Chrome or Chromium as their browser. The browser is where staff log into cloud apps, banking, and client portals — exploitation can mean session theft or credential exposure for every site you're signed into.
Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Added to KEV Nov 3, 2021 · Google Chromium V8
CVE-2020-0878Known ransomware usePatch now
Microsoft Edge and Internet Explorer Memory Corruption Vulnerability
Affects anyone using Microsoft Edge as their browser. The browser is the entry point for cloud apps (accounting SaaS, client portals, banking) — exploitation can lead to session theft or stored-credential exposure for everything you log into through it.
Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Edge and Internet Explorer
CVE-2021-33742Plan to patch
Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2020-0938Plan to patch
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2020-0986Plan to patch
Microsoft Windows Kernel Privilege Escalation Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2020-1020Plan to patch
Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2019-0708Known ransomware usePatch now
Microsoft Remote Desktop Services Remote Code Execution Vulnerability
Affects anyone running Microsoft Remote Desktop Services. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep.
Added to KEV Nov 3, 2021 · Microsoft Remote Desktop Services
CVE-2021-1732Known ransomware usePatch now
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Win32k
CVE-2021-28310Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.
Added to KEV Nov 3, 2021 · Microsoft Win32k
CVE-2021-26411Known ransomware usePatch now
Microsoft Internet Explorer Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2017-8759Plan to patch
Microsoft .NET Framework Remote Code Execution Vulnerability
Affects anyone running Microsoft .NET Framework. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system.
Added to KEV Nov 3, 2021 · Microsoft .NET Framework
CVE-2018-8653Plan to patch
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2018-0798Plan to patch
Microsoft Office Memory Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0802.
Added to KEV Nov 3, 2021 · Microsoft Office
CVE-2018-0802Plan to patch
Microsoft Office Memory Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0798.
Added to KEV Nov 3, 2021 · Microsoft Office
CVE-2012-0158Plan to patch
Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability
Affects anyone running Microsoft MSCOMCTL.OCX. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft MSCOMCTL.OCX
CVE-2015-1641Plan to patch
Microsoft Office Memory Corruption Vulnerability
Affects anyone using Microsoft 365 or Office to compose, store, or send email, documents, or spreadsheets. In a small practice, that's typically where client communications, engagement letters, and case notes live — credential compromise here means an attacker reads everything that platform stores.
Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Office
CVE-2019-0541Plan to patch
Microsoft MSHTML Remote Code Execution Vulnerability
Affects anyone running Microsoft MSHTML. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability.
Added to KEV Nov 3, 2021 · Microsoft MSHTML
CVE-2020-0674Plan to patch
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2019-1367Known ransomware usePatch now
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2020-1380Plan to patch
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2019-1429Plan to patch
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2020-0968Plan to patch
Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability
Affects anyone running Microsoft Internet Explorer. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.
Added to KEV Nov 3, 2021 · Microsoft Internet Explorer
CVE-2020-1054Plan to patch
Microsoft Win32k Privilege Escalation Vulnerability
Affects anyone running Microsoft Win32k. Microsoft products in a small practice typically sit close to credentials, email, or document workflows — treat the patch as in-scope.
Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.
Added to KEV Nov 3, 2021 · Microsoft Win32k
CVE-2021-34448Monitor
Microsoft Windows Scripting Engine Memory Corruption Vulnerability
Affects anyone running Windows workstations or servers. In a small CPA, legal, or dental practice, Windows is typically the platform your accounting, document management, or practice management software runs on — exploitation gives an attacker access to whatever client files and credentials live on those machines.
Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption.
Added to KEV Nov 3, 2021 · Microsoft Windows
CVE-2021-22893Known ransomware usePatch now
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2020-8243Patch this week
Ivanti Pulse Connect Secure Code Execution Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2021-22900Patch this week
Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2021-22894Patch this week
Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerabilities that allows a remote authenticated users to execute code as the root user via maliciously crafted meeting room.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2021-22899Patch this week
Ivanti Pulse Connect Secure Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure
CVE-2019-11539Known ransomware usePatch now
Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability
Affects anyone using Ivanti VPN (Connect Secure or Pulse) or Ivanti endpoint management. The VPN is what remote workers use to reach internal systems; the endpoint management tool typically has admin reach into every laptop — exploitation in either is high-impact.
Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands.
Added to KEV Nov 3, 2021 · Ivanti Pulse Connect Secure and Pulse Policy Secure
CVE-2018-0171Patch this week
Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device.
Added to KEV Nov 3, 2021 · Cisco IOS and IOS XE
CVE-2020-3118Patch this week
Cisco IOS XR Software Discovery Protocol Format String Vulnerability
Affects anyone with Cisco networking or security appliances on their network — typically a firewall, switch, or remote-access VPN. That device controls traffic to and from every workstation; exploitation can mean an attacker pivots inside the network without touching any user device.
Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.
Added to KEV Nov 3, 2021 · Cisco IOS XR