Cybersecurity Alerts

Actively Exploited Vulnerabilities

The vulnerabilities listed below are sourced from the CISA Known Exploited Vulnerabilities catalog and represent security flaws that are actively being exploited in the wild. This list is updated daily. If you are unsure whether your systems are affected, contact us and we will help you assess your exposure.

CVE-2018-14847
MikroTik | RouterOS
MikroTik Router OS Directory Traversal Vulnerability
MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
CVE-2021-42321 (Active Ransomware Campaign)
Microsoft | Exchange
Microsoft Exchange Server Remote Code Execution Vulnerability
An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.
CVE-2021-42292
Microsoft | Office
Microsoft Excel Security Feature Bypass
A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.
CVE-2021-40449 (Active Ransomware Campaign)
Microsoft | Windows
Microsoft Windows Win32k Privilege Escalation Vulnerability
An unspecified vulnerability allows an authenticated user to escalate privileges.
CVE-2021-22204
Perl | Exiftool
ExifTool Remote Code Execution Vulnerability
Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image.
CVE-2021-42258 (Active Ransomware Campaign)
BQE | BillQuick Web Suite
BQE BillQuick Web Suite SQL Injection Vulnerability
BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution.
CVE-2021-42013 (Active Ransomware Campaign)
Apache | HTTP Server
Apache HTTP Server Path Traversal Vulnerability
Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default require all denied or if CGI scripts are enabled. This CVE ID resolves an incomplete patch for CVE-2021-41773.
CVE-2021-41773 (Active Ransomware Campaign)
Apache | HTTP Server
Apache HTTP Server Path Traversal Vulnerability
Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default "require all denied" or if CGI scripts are enabled. The original patch issued under this CVE ID is insufficient; please review remediation information under CVE-2021-42013.
CVE-2021-40539 (Active Ransomware Campaign)
Zoho | ManageEngine
Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability
Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.
CVE-2021-40444 (Active Ransomware Campaign)
Microsoft | MSHTML
Microsoft MSHTML Remote Code Execution Vulnerability
Microsoft MSHTML contains an unspecified vulnerability that allows for remote code execution.
CVE-2021-38649
Microsoft | Open Management Infrastructure (OMI)
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
CVE-2021-38648
Microsoft | Open Management Infrastructure (OMI)
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.
CVE-2021-38647 (Active Ransomware Campaign)
Microsoft | Open Management Infrastructure (OMI)
Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.
CVE-2021-38645
Microsoft | Open Management Infrastructure (OMI)
Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability
Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-38003
Google | Chromium V8
Google Chromium V8 Memory Corruption Vulnerability
Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2021-38000
Google | Chromium Intents
Google Chromium Intents Improper Input Validation Vulnerability
Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browse to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2021-37976
Google | Chromium
Google Chromium Information Disclosure Vulnerability
Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2021-37975
Google | Chromium V8
Google Chromium V8 Use-After-Free Vulnerability
Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
CVE-2021-37973
Google | Chromium Portals
Google Chromium Portals Use-After-Free Vulnerability
Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.
CVE-2021-36955 (Active Ransomware Campaign)
Microsoft | Windows
Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability
Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-36948
Microsoft | Windows
Microsoft Windows Update Medic Service Privilege Escalation Vulnerability
Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-36942 (Active Ransomware Campaign)
Microsoft | Windows
Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability
Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM.
CVE-2021-36742
Trend Micro | Apex One, Apex One as a Service, and Worry-Free Business Security
Trend Micro Multiple Products Improper Input Validation Vulnerability
Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.
CVE-2021-36741
Trend Micro | Apex One, Apex One as a Service, and Worry-Free Business Security
Trend Micro Multiple Products Improper Input Validation Vulnerability
Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.
CVE-2021-35464 (Active Ransomware Campaign)
ForgeRock | Access Management (AM)
ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability
ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as root user, which the vendor does not recommend).
CVE-2021-35395
Realtek | AP-Router SDK
Realtek AP-Router SDK Buffer Overflow Vulnerability
Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service (DoS).
CVE-2021-35211 (Active Ransomware Campaign)
SolarWinds | Serv-U
SolarWinds Serv-U Remote Code Execution Vulnerability
SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution.
CVE-2021-34527 (Active Ransomware Campaign)
Microsoft | Windows
Microsoft Windows Print Spooler Remote Code Execution Vulnerability
Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known under the moniker of PrintNightmare.
CVE-2021-34523 (Active Ransomware Campaign)
Microsoft | Exchange Server
Microsoft Exchange Server Privilege Escalation Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-34473 (Active Ransomware Campaign)
Microsoft | Exchange Server
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution.