Cybersecurity Alerts

Actively Exploited Vulnerabilities

The vulnerabilities listed below are sourced from the CISA Known Exploited Vulnerabilities catalog and represent security flaws that are actively being exploited in the wild. This list is updated daily. If you are unsure whether your systems are affected, contact us and we will help you assess your exposure.

CVE-2016-7892
Adobe | Flash Player
Adobe Flash Player Use-After-Free Vulnerability
Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.
CVE-2016-4171
Adobe | Flash Player
Adobe Flash Player Remote Code Execution Vulnerability
Unspecified vulnerability in Adobe Flash Player allows for remote code execution.
CVE-2016-1555
NETGEAR | Wireless Access Point (WAP) Devices
NETGEAR Multiple WAP Devices Command Injection Vulnerability
Multiple NETGEAR Wireless Access Point devices allow unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution.
CVE-2016-11021
D-Link | DCS-930L Devices
D-Link DCS-930L Devices OS Command Injection Vulnerability
setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.
CVE-2016-10174
NETGEAR | WNR2000v5 Router
NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability
The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution.
CVE-2016-0752
Rails | Ruby on Rails
Ruby on Rails Directory Traversal Vulnerability
Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.
CVE-2015-4068
Arcserve | Unified Data Protection (UDP)
Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability
Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service.
CVE-2015-3035
TP-Link | Multiple Archer Devices
TP-Link Multiple Archer Devices Directory Traversal Vulnerability
Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.
CVE-2015-1427
Elastic | Elasticsearch
Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability
The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.
CVE-2015-1187
D-Link and TRENDnet | Multiple Devices
D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability
The ping tool in multiple D-Link and TRENDnet devices allows remote attackers to perform remote code execution.
CVE-2015-0666
Cisco | Prime Data Center Network Manager (DCNM)
Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability
Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files.
CVE-2014-6332
Microsoft | Windows
Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability
OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.
CVE-2014-6324
Microsoft | Kerberos Key Distribution Center (KDC)
Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability
The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges.
CVE-2014-6287
Rejetto | HTTP File Server (HFS)
Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability
The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs.
CVE-2014-3120
Elastic | Elasticsearch
Elasticsearch Remote Code Execution Vulnerability
Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.
CVE-2014-0130
Rails | Ruby on Rails
Ruby on Rails Directory Traversal Vulnerability
Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.
CVE-2013-5223
D-Link | DSL-2760U
D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.
CVE-2013-4810
Hewlett Packard (HP) | ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management
HP Multiple Products Remote Code Execution Vulnerability
HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet.
CVE-2013-2251
Apache | Struts
Apache Struts Improper Input Validation Vulnerability
Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.
CVE-2012-1823
PHP | PHP
PHP-CGI Query String Parameter Vulnerability
sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.
CVE-2010-4345
Exim | Exim
Exim Privilege Escalation Vulnerability
Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.
CVE-2010-4344
Exim | Exim
Exim Heap-Based Buffer Overflow Vulnerability
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.
CVE-2010-3035
Cisco | IOS XR
Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability
Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).
CVE-2010-2861 | Active Ransomware Campaign
Adobe | ColdFusion
Adobe ColdFusion Directory Traversal Vulnerability
A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.
CVE-2009-2055
Cisco | IOS XR
Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability
Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).
CVE-2009-1151
phpMyAdmin | phpMyAdmin
phpMyAdmin Remote Code Execution Vulnerability
The setup script used to generate the configuration can be fooled by a crafted POST request into including arbitrary PHP code in the generated configuration file.
CVE-2009-0927
Adobe | Reader and Acrobat
Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.
CVE-2005-2773
Hewlett Packard (HP) | OpenView Network Node Manager
HP OpenView Network Node Manager Remote Code Execution Vulnerability
HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system.
CVE-2020-5135
SonicWall | SonicOS
SonicWall SonicOS Buffer Overflow Vulnerability
A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.
CVE-2019-1405 | Active Ransomware Campaign
Microsoft | Windows
Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability
A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.