Cybersecurity Alerts

Actively Exploited Vulnerabilities

The vulnerabilities listed below are sourced from the CISA Known Exploited Vulnerabilities catalog and represent security flaws that are actively being exploited in the wild. This list is updated daily. If you are unsure whether your systems are affected, contact us and we will help you assess your exposure.

CVE-2021-28663
Arm | Mali Graphics Processing Unit (GPU)
Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability
Arm Mali Graphics Processing Unit (GPU) kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, and/or disclose information.
CVE-2021-28550
Adobe | Acrobat and Reader
Adobe Acrobat and Reader Use-After-Free Vulnerability
Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
CVE-2021-28310
Microsoft | Win32k
Microsoft Win32k Privilege Escalation Vulnerability
Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation.
CVE-2021-27562
Arm | Trusted Firmware
Arm Trusted Firmware Out-of-Bounds Write Vulnerability
Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment (NSPE) handler mode. This vulnerability affects Yealink Device Management servers.
CVE-2021-27561
Yealink | Device Management
Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability
Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution.
CVE-2021-27104 | Active Ransomware Campaign
Accellion | FTA
Accellion FTA OS Command Injection Vulnerability
Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.
CVE-2021-27103 | Active Ransomware Campaign
Accellion | FTA
Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability
Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.
CVE-2021-27102 | Active Ransomware Campaign
Accellion | FTA
Accellion FTA OS Command Injection Vulnerability
Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.
CVE-2021-27101 | Active Ransomware Campaign
Accellion | FTA
Accellion FTA SQL Injection Vulnerability
Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html.
CVE-2021-27085
Microsoft | Internet Explorer
Microsoft Internet Explorer Remote Code Execution Vulnerability
Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution.
CVE-2021-27065 | Active Ransomware Campaign
Microsoft | Exchange Server
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
CVE-2021-27059
Microsoft | Office
Microsoft Office Remote Code Execution Vulnerability
Microsoft Office contains an unspecified vulnerability that allows for remote code execution.
CVE-2021-26858 | Active Ransomware Campaign
Microsoft | Exchange Server
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
CVE-2021-26857 | Active Ransomware Campaign
Microsoft | Exchange Server
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
CVE-2021-26855 | Active Ransomware Campaign
Microsoft | Exchange Server
Microsoft Exchange Server Remote Code Execution Vulnerability
Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
CVE-2021-26411 | Active Ransomware Campaign
Microsoft | Internet Explorer
Microsoft Internet Explorer Memory Corruption Vulnerability
Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption.
CVE-2021-26084 | Active Ransomware Campaign
Atlassian | Confluence Server and Data Center
Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability
Atlassian Confluence Server and Data Center contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code.
CVE-2021-23874
McAfee | McAfee Total Protection (MTP)
McAfee Total Protection (MTP) Improper Privilege Management Vulnerability
McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense.
CVE-2021-22986 | Active Ransomware Campaign
F5 | BIG-IP and BIG-IQ Centralized Management
F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability
F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system commands, create or delete files, and disable services.
CVE-2021-22900
Ivanti | Pulse Connect Secure
Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability
Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
CVE-2021-22899
Ivanti | Pulse Connect Secure
Ivanti Pulse Connect Secure Command Injection Vulnerability
Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.
CVE-2021-22894
Ivanti | Pulse Connect Secure
Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability
Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerability that allows remote authenticated users to execute code as the root user via a maliciously crafted meeting room.
CVE-2021-22893 | Active Ransomware Campaign
Ivanti | Pulse Connect Secure
Ivanti Pulse Connect Secure Use-After-Free Vulnerability
Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allows a remote, unauthenticated attacker to execute code via license services.
CVE-2021-22506
Micro Focus | Micro Focus Access Manager
Micro Focus Access Manager Information Leakage Vulnerability
Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used.
CVE-2021-22502
Micro Focus | Operation Bridge Reporter (OBR)
Micro Focus Operation Bridge Reporter (OBR) Remote Code Execution Vulnerability
Micro Focus Operation Bridge Reporter (OBR) contains an unspecified vulnerability that allows for remote code execution.
CVE-2021-22205 | Active Ransomware Campaign
GitLab | Community and Enterprise Editions
GitLab Community and Enterprise Editions Remote Code Execution Vulnerability
GitLab Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.
CVE-2021-22005 | Active Ransomware Campaign
VMware | vCenter Server
VMware vCenter Server File Upload Vulnerability
VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code.
CVE-2021-21985 | Active Ransomware Campaign
VMware | vCenter Server
VMware vCenter Server Improper Input Validation Vulnerability
VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server. The vulnerability allows for remote code execution.
CVE-2021-21972 | Active Ransomware Campaign
VMware | vCenter Server
VMware vCenter Server Remote Code Execution Vulnerability
VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system.
CVE-2021-21224
Google | Chromium V8
Google Chromium V8 Type Confusion Vulnerability
Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.