Atlas · circumvention-stack threats
When the gear you rely on to evade censorship gets exploited
Censorship circumvention runs on a stack of network gear and client software — VPN concentrators, firewalls, routers, browsers, and messengers. When CISA confirms one of these is being actively exploited in the wild, the activists, journalists, and at-risk users who depend on Voidly and Veil are exactly who a state adversary would target with it. This feed surfaces those exploits.
856
circumvention-stack CVEs
actively exploited, per CISA
169
ransomware-linked
known to be used in ransomware
100
shown below
newest first
How to read this. This is the U.S. CISA Known Exploited Vulnerabilities catalog, re-surfaced and filtered to the gear that matters for safe circumvention. Voidly adds the relevance filter only — it makes no independent vulnerability claim. Always verify against the linked NVD/CISA record before acting.
| CVE | Vendor / product | Vulnerability | Added |
|---|---|---|---|
| CVE-2026-45498 | MicrosoftDefender | Microsoft Defender Denial of Service VulnerabilityMicrosoft Defender contains an unspecified vulnerability that allows for denial of service. | 2026-05-20 |
| CVE-2026-41091 | MicrosoftDefender | Microsoft Defender Link Following VulnerabilityMicrosoft Defender contains a link following vulnerability that allows an authorized attacker to elevate privileges locally. | 2026-05-20 |
| CVE-2010-0806 | MicrosoftInternet Explorer | Microsoft Internet Explorer Use-After-Free VulnerabilityMicrosoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | 2026-05-20 |
| CVE-2010-0249 | MicrosoftInternet Explorer | Microsoft Internet Explorer Use-After-Free VulnerabilityMicrosoft Internet Explorer contains an use-after-free vulnerability that could allow remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | 2026-05-20 |
| CVE-2009-1537 | MicrosoftDirectX | Microsoft DirectX NULL Byte Overwrite VulnerabilityMicrosoft DirectX contains a NULL byte overwrite vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow which could allow remote attackers to execute arbitrary code via a crafted QuickTime media file. | 2026-05-20 |
| CVE-2008-4250 | MicrosoftWindows | Microsoft Windows Buffer Overflow VulnerabilityMicrosoft Windows contains a buffer overflow vulnerability in the Windows Server Service that allows remote attackers to execute arbitrary code via a crafted RPC request that triggers an overflow during path canonicalization. | 2026-05-20 |
| CVE-2026-42897 | MicrosoftMicrosoftHIGH 8.1 | Microsoft Exchange Server Cross-Site Scripting VulnerabilityMicrosoft Exchange Server contains a cross-site scripting vulnerability during web page generation in Outlook Web Access and when certain interaction conditions are met, arbitrary JavaScript can be executed in the browser context. | 2026-05-15 |
| CVE-2026-20182 | CiscoCatalyst SD-WANCRITICAL 10 | Cisco Catalyst SD-WAN Controller Authentication Bypass VulnerabilityCisco Catalyst SD-WAN Controller & Manager contain an authentication bypass vulnerability that allows an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. | 2026-05-14 |
| CVE-2026-6973 | IvantiEndpoint Manager Mobile (EPMM)HIGH 7.2 | Ivanti Endpoint Manager Mobile (EPMM) Improper Input Validation VulnerabilityIvanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remotely authenticated user with administrative access to achieve remote code execution. | 2026-05-07 |
| CVE-2026-0300 | Palo Alto NetworksPAN-OSCRITICAL 9.8 | Palo Alto Networks PAN-OS Out-of-bounds Write VulnerabilityPalo Alto Networks PAN-OS contains an out-of-bounds write vulnerability in the User-ID Authentication Portal (aka Captive Portal) service that can allow an unauthenticated attacker to execute arbitrary code with root privileges on the PA-Series and VM-Series firewalls by sending specially crafted packets. | 2026-05-06 |
| CVE-2026-32202 | MicrosoftWindowsMEDIUM 4.3 | Microsoft Windows Protection Mechanism Failure VulnerabilityMicrosoft Windows Shell contains a protection mechanism failure vulnerability that allows an unauthorized attacker to perform spoofing over a network. | 2026-04-28 |
| CVE-2025-29635 | D-LinkDIR-823XHIGH 7.2 | D-Link DIR-823X Command Injection VulnerabilityD-Link DIR-823X contains a command injection vulnerability that allows an authorized attacker to execute arbitrary commands on remote devices by sending a POST request to /goform/set_prohibiting via the corresponding function. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | 2026-04-24 |
| CVE-2026-33825 | MicrosoftDefenderHIGH 7.8 | Microsoft Defender Insufficient Granularity of Access Control VulnerabilityMicrosoft Defender contains an insufficient granularity of access control vulnerability that could allow an authorized attacker to escalate privileges locally. | 2026-04-22 |
| CVE-2026-20133 | CiscoCatalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Exposure of Sensitive Information to an Unauthorized Actor VulnerabilityCisco Catalyst SD-WAN Manager contains an exposure of sensitive information to an unauthorized actor vulnerability that could allow remote attackers to view sensitive information on affected systems. | 2026-04-20 |
| CVE-2026-20128 | CiscoCatalyst SD-WAN Manager | Cisco Catalyst SD-WAN Manager Storing Passwords in a Recoverable Format VulnerabilityCisco Catalyst SD-WAN Manager contains a storing passwords in a recoverable format vulnerability that allows an authenticated, local attacker to gain DCA user privileges by accessing a credential file for the DCA user on the filesystem as a low-privileged user. | 2026-04-20 |
| CVE-2026-20122 | CiscoCatalyst SD-WAN Manger | Cisco Catalyst SD-WAN Manager Incorrect Use of Privileged APIs VulnerabilityCisco Catalyst SD-WAN Manager contains an incorrect use of privileged APIs vulnerability due to improper file handling on the API interface of an affected system. An attacker could exploit this vulnerability by uploading a malicious file on the local file system. A successful exploit could allow the attacker to overwrite arbitrary files on the affected system and gain vmanage user privileges. | 2026-04-20 |
| CVE-2026-32201 | MicrosoftSharePoint ServerMEDIUM 6.5 | Microsoft SharePoint Server Improper Input Validation VulnerabilityMicrosoft SharePoint Server contains an improper input validation vulnerability that allows an unauthorized attacker to perform spoofing over a network. | 2026-04-14 |
| CVE-2009-0238 | MicrosoftOffice | Microsoft Office Remote Code ExecutionMicrosoft Office Excel contains a remote code execution vulnerability that could allow an attacker to take complete control of an affected system if a user opens a specially crafted Excel file that includes a malformed object. | 2026-04-14 |
| CVE-2026-21643 | FortinetFortiClient EMSCRITICAL 9.8 | Fortinet FortiClient EMS SQL Injection VulnerabilityFortinet FortiClient EMS contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted HTTP requests. | 2026-04-13 |
| CVE-2025-60710 | MicrosoftWindowsHIGH 7.8 | Microsoft Windows Link Following VulnerabilityMicrosoft Windows contains a link following vulnerability that allows for privilege escalation | 2026-04-13 |
| CVE-2023-36424 | MicrosoftWindows | Microsoft Windows Out-of-Bounds Read VulnerabilityMicrosoft Windows Common Log File System Driver contains an out-of-bounds read vulnerability that could allow a threat actor for privileges escalation | 2026-04-13 |
| CVE-2023-21529ransomware | MicrosoftExchange Server | Microsoft Exchange Server Deserialization of Untrusted Data VulnerabilityMicrosoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution. | 2026-04-13 |
| CVE-2012-1854 | MicrosoftVisual Basic for Applications (VBA) | Microsoft Visual Basic for Applications Insecure Library Loading VulnerabilityMicrosoft Visual Basic for Applications (VBA) contains an insecure library loading vulnerability that could allow for remote code execution. | 2026-04-13 |
| CVE-2026-1340 | IvantiEndpoint Manager Mobile (EPMM)CRITICAL 9.8 | Ivanti Endpoint Manager Mobile (EPMM) Code Injection VulnerabilityIvanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. | 2026-04-08 |
| CVE-2026-35616 | FortinetFortiClient EMSCRITICAL 9.8 | Fortinet FortiClient EMS Improper Access Control VulnerabilityFortinet FortiClient EMS contains an improper access control vulnerability that may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests. | 2026-04-06 |
| CVE-2026-5281 | GoogleDawnHIGH 8.8 | Google Dawn Use-After-Free VulnerabilityGoogle Dawn contains an use-after-free vulnerability that could allow a remote attacker who had compromised the renderer process to execute arbitrary code via a crafted HTML page. This vulnerability could affect multiple Chromium-based products including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | 2026-04-01 |
| CVE-2026-3055 | CitrixNetScalerCRITICAL 9.8 | Citrix NetScaler Out-of-Bounds Read VulnerabilityCitrix NetScaler ADC (formerly Citrix ADC), NetScaler Gateway (formerly Citrix Gateway) and NetScaler ADC FIPS and NDcPP contain an out-of-bounds reads vulnerability when configured as a SAML IDP leading to memory overread. | 2026-03-30 |
| CVE-2025-53521 | F5BIG-IPCRITICAL 9.8 | F5 BIG-IP Stack-Based Buffer Overflow VulnerabilityF5 BIG-IP APM contains a stack-based buffer overflow vulnerability that could allow a threat actor to achieve remote code execution. | 2026-03-27 |
| CVE-2025-43520 | AppleMultiple ProductsMEDIUM 5.5 | Apple Multiple Products Classic Buffer Overflow VulnerabilityApple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain a classic buffer overflow vulnerability which could allow a malicious application to cause unexpected system termination or write kernel memory. | 2026-03-20 |
| CVE-2025-43510 | AppleMultiple ProductsHIGH 7.8 | Apple Multiple Products Improper Locking VulnerabilityApple watchOS, iOS, iPadOS, macOS, visionOS, and tvOS contain an improper locking vulnerability that could allow a malicious application to cause unexpected changes in memory shared between processes. | 2026-03-20 |
| CVE-2025-31277 | AppleMultiple ProductsHIGH 8.8 | Apple Multiple Products Buffer Overflow VulnerabilityApple Safari, iOS, watchOS, visionOS, iPadOS, macOS, and tvOS contain a buffer overflow vulnerability that could allow the processing of maliciously crafted web content which may lead to memory corruption. | 2026-03-20 |
| CVE-2026-20131ransomware | CiscoSecure Firewall Management Center (FMC)CRITICAL 10 | Cisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management Deserialization of Untrusted Data VulnerabilityCisco Secure Firewall Management Center (FMC) Software and Cisco Security Cloud Control (SCC) Firewall Management contain a deserialization of untrusted data vulnerability in the web-based management interface that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device. | 2026-03-19 |
| CVE-2026-20963 | MicrosoftSharePointCRITICAL 9.8 | Microsoft SharePoint Deserialization of Untrusted Data VulnerabilityMicrosoft SharePoint contains a deserialization of untrusted data vulnerability that allows an unauthorized attacker to execute code over a network. | 2026-03-18 |
| CVE-2026-3910 | GoogleChromium V8HIGH 8.8 | Google Chromium V8 Improper Restriction of Operations Within the Bounds of a Memory Buffer VulnerabilityGoogle Chromium V8 contains an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | 2026-03-13 |
| CVE-2026-3909 | GoogleSkiaHIGH 8.8 | Google Skia Out-of-Bounds Write VulnerabilityGoogle Skia contains an out-of-bounds write vulnerability that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products. | 2026-03-13 |
| CVE-2026-1603 | Ivanti Endpoint Manager (EPM)HIGH 8.6 | Ivanti Endpoint Manager (EPM) Authentication Bypass VulnerabilityIvanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data. | 2026-03-09 |
| CVE-2023-43000 | AppleMultiple ProductsHIGH 8.8 | Apple Multiple products Use-After-Free VulnerabilityApple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption. | 2026-03-05 |
| CVE-2023-41974 | AppleiOS and iPadOS | Apple iOS and iPadOS Use-After-Free VulnerabilityApple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges. | 2026-03-05 |
| CVE-2021-30952 | AppleMultiple Products | Apple Multiple Products Integer Overflow or Wraparound VulnerabilityApple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution. | 2026-03-05 |
| CVE-2026-20127 | CiscoCatalyst SD-WAN Controller and Manager | Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass VulnerabilityCisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. | 2026-02-25 |
| CVE-2022-20775 | CiscoSD-WAN | Cisco SD-WAN Path Traversal VulnerabilityCisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | 2026-02-25 |
| CVE-2026-2441 | GoogleChromiumHIGH 8.8 | Google Chromium CSS Use-After-Free VulnerabilityGoogle Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | 2026-02-17 |
| CVE-2008-0015 | MicrosoftWindows | Microsoft Windows Video ActiveX Control Remote Code Execution VulnerabilityMicrosoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. | 2026-02-17 |
| CVE-2026-1731ransomware | BeyondTrustRemote Support (RS) and Privileged Remote Access (PRA)CRITICAL 9.8 | BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection VulnerabilityBeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption. | 2026-02-13 |
| CVE-2026-20700 | AppleMultiple ProductsHIGH 7.8 | Apple Multiple Buffer Overflow VulnerabilityApple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code. | 2026-02-12 |
| CVE-2024-43468 | MicrosoftConfiguration ManagerCRITICAL 9.8 | Microsoft Configuration Manager SQL Injection VulnerabilityMicrosoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database. | 2026-02-12 |
| CVE-2026-21533 | MicrosoftWindows | Microsoft Windows Improper Privilege Management VulnerabilityMicrosoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally. | 2026-02-10 |
| CVE-2026-21525 | MicrosoftWindows | Microsoft Windows NULL Pointer Dereference VulnerabilityMicrosoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally. | 2026-02-10 |
| CVE-2026-21519 | MicrosoftWindows | Microsoft Windows Type Confusion VulnerabilityMicrosoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally. | 2026-02-10 |
| CVE-2026-21514 | MicrosoftOffice | Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision VulnerabilityMicrosoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally. | 2026-02-10 |
| CVE-2026-21513 | MicrosoftWindows | Microsoft MSHTML Framework Protection Mechanism Failure VulnerabilityMicrosoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. | 2026-02-10 |
| CVE-2026-21510 | MicrosoftWindows | Microsoft Windows Shell Protection Mechanism Failure VulnerabilityMicrosoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. | 2026-02-10 |
| CVE-2026-1281 | IvantiEndpoint Manager Mobile (EPMM)CRITICAL 9.8 | Ivanti Endpoint Manager Mobile (EPMM) Code Injection VulnerabilityIvanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. | 2026-01-29 |
| CVE-2026-24858 | FortinetMultiple ProductsCRITICAL 9.8 | Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel VulnerabilityFortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. | 2026-01-27 |
| CVE-2026-21509 | MicrosoftOfficeHIGH 7.8 | Microsoft Office Security Feature Bypass VulnerabilityMicrosoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally. Some of the impacted product(s) could be end-of-life (EoL) and/or end-of-service (EoS). Users are advised to discontinue use and/or transition to a supported version. | 2026-01-26 |
| CVE-2026-20045 | CiscoUnified Communications ManagerHIGH 8.2 | Cisco Unified Communications Products Code Injection VulnerabilityCisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance contain a code injection vulnerability that could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. | 2026-01-21 |
| CVE-2026-20805 | MicrosoftWindowsMEDIUM 5.5 | Microsoft Windows Information Disclosure VulnerabilityMicrosoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally. | 2026-01-13 |
| CVE-2009-0556 | MicrosoftOffice | Microsoft Office PowerPoint Code Injection VulnerabilityMicrosoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption. | 2026-01-07 |
| CVE-2025-14733 | WatchGuardFireboxCRITICAL 9.8 | WatchGuard Firebox Out of Bounds Write VulnerabilityWatchGuard Fireware OS iked process contains an out of bounds write vulnerability in the OS iked process. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code and affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer. | 2025-12-19 |
| CVE-2025-40602 | SonicWallSMA1000 applianceMEDIUM 6.6 | SonicWall SMA1000 Missing Authorization VulnerabilitySonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation appliance management console (AMC) of affected devices. | 2025-12-17 |
| CVE-2025-20393 | CiscoMultiple ProductsCRITICAL 10 | Cisco Multiple Products Improper Input Validation VulnerabilityCisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contains an improper input validation vulnerability that allows threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance. | 2025-12-17 |
| CVE-2025-59718 | FortinetMultiple ProductsCRITICAL 9.8 | Fortinet Multiple Products Improper Verification of Cryptographic Signature VulnerabilityFortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message. Please be aware that CVE-2025-59719 pertains to the same problem and is mentioned in the same vendor advisory. Ensure to apply all patches mentioned in the advisory. | 2025-12-16 |
| CVE-2025-43529 | AppleMultiple ProductsHIGH 8.8 | Apple Multiple Products Use-After-Free WebKit VulnerabilityApple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | 2025-12-15 |
| CVE-2025-14174 | GoogleChromiumHIGH 8.8 | Google Chromium Out of Bounds Memory Access VulnerabilityGoogle Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | 2025-12-12 |
| CVE-2025-62221 | MicrosoftWindowsHIGH 7.8 | Microsoft Windows Use After Free VulnerabilityMicrosoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally. | 2025-12-09 |
| CVE-2022-37055 | D-LinkRouters | D-Link Routers Buffer Overflow VulnerabilityD-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | 2025-12-08 |
| CVE-2025-13223 | GoogleChromium V8HIGH 8.8 | Google Chromium V8 Type Confusion VulnerabilityGoogle Chromium V8 contains a type confusion vulnerability that allows for heap corruption. | 2025-11-19 |
| CVE-2025-58034 | FortinetFortiWebHIGH 7.2 | Fortinet FortiWeb OS Command Injection VulnerabilityFortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands. | 2025-11-18 |
| CVE-2025-64446 | FortinetFortiWebCRITICAL 9.8 | Fortinet FortiWeb Path Traversal VulnerabilityFortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. | 2025-11-14 |
| CVE-2025-9242 | WatchGuardFireboxCRITICAL 9.8 | WatchGuard Firebox Out-of-Bounds Write VulnerabilityWatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code. | 2025-11-12 |
| CVE-2025-62215 | MicrosoftWindowsHIGH 7 | Microsoft Windows Race Condition VulnerabilityMicrosoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vulnerability could enable the attacker to gain SYSTEM-level access. | 2025-11-12 |
| CVE-2025-59287 | MicrosoftWindowsCRITICAL 9.8 | Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data VulnerabilityMicrosoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution. | 2025-10-24 |
| CVE-2025-33073 | MicrosoftWindowsHIGH 8.8 | Microsoft Windows SMB Client Improper Access Control VulnerabilityMicrosoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate. | 2025-10-20 |
| CVE-2022-48503 | AppleMultiple Products | Apple Multiple Products Unspecified VulnerabilityApple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | 2025-10-20 |
| CVE-2025-59230 | MicrosoftWindowsHIGH 7.8 | Microsoft Windows Improper Access Control VulnerabilityMicrosoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally. | 2025-10-14 |
| CVE-2025-24990 | MicrosoftWindowsHIGH 7.8 | Microsoft Windows Untrusted Pointer Dereference VulnerabilityMicrosoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vulnerability could gain administrator privileges. | 2025-10-14 |
| CVE-2021-43226 | MicrosoftWindows | Microsoft Windows Privilege Escalation VulnerabilityMicrosoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms. | 2025-10-06 |
| CVE-2013-3918 | MicrosoftWindows | Microsoft Windows Out-of-Bounds Write VulnerabilityMicrosoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | 2025-10-06 |
| CVE-2011-3402 | MicrosoftWindows | Microsoft Windows Remote Code Execution VulnerabilityMicrosoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page. | 2025-10-06 |
| CVE-2010-3962 | MicrosoftInternet Explorer | Microsoft Internet Explorer Uninitialized Memory Corruption VulnerabilityMicrosoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | 2025-10-06 |
| CVE-2010-3765 | MozillaMultiple Products | Mozilla Multiple Products Remote Code Execution VulnerabilityMozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption. | 2025-10-06 |
| CVE-2015-7755 | JuniperScreenOS | Juniper ScreenOS Improper Authentication VulnerabilityJuniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device. | 2025-10-02 |
| CVE-2025-59689 | LibraesvaEmail Security GatewayMEDIUM 6.1 | Libraesva Email Security Gateway Command Injection VulnerabilityLibraesva Email Security Gateway (ESG) contains a command injection vulnerability which allows command injection via a compressed e-mail attachment. | 2025-09-29 |
| CVE-2025-20352 | CiscoIOS and IOS XEHIGH 7.7 | Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution VulnerabilityCisco IOS and IOS XE contains a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remote code execution. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system. | 2025-09-29 |
| CVE-2025-20362 | CiscoSecure Firewall Adaptive Security Appliance and Secure Firewall Threat DefenseMEDIUM 6.5 | Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization VulnerabilityCisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a missing authorization vulnerability. This vulnerability could be chained with CVE-2025-20333. | 2025-09-25 |
| CVE-2025-20333 | CiscoSecure Firewall Adaptive Security Appliance and Secure Firewall Threat DefenseCRITICAL 9.9 | Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow VulnerabilityCisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a buffer overflow vulnerability that allows for remote code execution. This vulnerability could be chained with CVE-2025-20362. | 2025-09-25 |
| CVE-2025-10585 | GoogleChromium V8CRITICAL 9.8 | Google Chromium V8 Type Confusion VulnerabilityGoogle Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine. | 2025-09-23 |
| CVE-2025-9377 | TP-LinkMultiple RoutersHIGH 7.2 | TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection VulnerabilityTP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | 2025-09-03 |
| CVE-2023-50224 | TP-LinkTL-WR841NMEDIUM 6.5 | TP-Link TL-WR841N Authentication Bypass by Spoofing VulnerabilityTP-Link TL-WR841N contains an authentication bypass by spoofing vulnerability within the httpd service, which listens on TCP port 80 by default, leading to the disclose of stored credentials. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | 2025-09-03 |
| CVE-2020-24363 | TP-LinkTL-WA855RE | TP-link TL-WA855RE Missing Authentication for Critical Function VulnerabilityTP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | 2025-09-02 |
| CVE-2025-7775 | CitrixNetScalerCRITICAL 9.8 | Citrix NetScaler Memory Overflow VulnerabilityCitrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service. | 2025-08-26 |
| CVE-2024-8069 | CitrixSession RecordingHIGH 8 | Citrix Session Recording Deserialization of Untrusted Data VulnerabilityCitrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. Attacker must be an authenticated user on the same intranet as the session recording server. | 2025-08-25 |
| CVE-2024-8068 | CitrixSession RecordingHIGH 8 | Citrix Session Recording Improper Privilege Management VulnerabilityCitrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain. | 2025-08-25 |
| CVE-2025-43300 | AppleiOS, iPadOS, and macOSCRITICAL 10 | Apple iOS, iPadOS, and macOS Out-of-Bounds Write VulnerabilityApple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework. | 2025-08-21 |
| CVE-2013-3893 | MicrosoftInternet Explorer | Microsoft Internet Explorer Resource Management Errors VulnerabilityMicrosoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | 2025-08-12 |
| CVE-2007-0671 | MicrosoftOffice | Microsoft Office Excel Remote Code Execution VulnerabilityMicrosoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. An attacker could leverage this vulnerability by creating a specially crafted Excel file, which, when opened, allowing an attacker to execute remote code on the affected system. | 2025-08-12 |
| CVE-2022-40799 | D-LinkDNR-322L | D-Link DNR-322L Download of Code Without Integrity Check VulnerabilityD-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands on the device. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | 2025-08-05 |
| CVE-2020-25079 | D-LinkDCS-2530L and DCS-2670L Devices | D-Link DCS-2530L and DCS-2670L Command Injection VulnerabilityD-Link DCS-2530L and DCS-2670L devices contains a command injection vulnerability in the cgi-bin/ddns_enc.cgi. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | 2025-08-05 |
| CVE-2020-25078 | D-LinkDCS-2530L and DCS-2670L Devices | D-Link DCS-2530L and DCS-2670L Devices Unspecified VulnerabilityD-Link DCS-2530L and DCS-2670L devices contains an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | 2025-08-05 |
| CVE-2025-20337 | CiscoIdentity Services EngineCRITICAL 10 | Cisco Identity Services Engine Injection VulnerabilityCisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtaining root privileges on an affected device. | 2025-07-28 |
Source & method
- Data: CISA Known Exploited Vulnerabilities catalog, refreshed continuously into the Voidly federal-data hub.
- Filter: entries whose vendor or product is part of the censorship-circumvention stack (VPN, firewall, router, gateway, browser, messaging). Pass
?all=1to the API for the unfiltered catalog. - Voidly adds the relevance filter and the RSS surface; the underlying vulnerability data and severity are CISA's. Verify each item at its NVD link before acting.