Critical Threat Feed

Showing vulnerabilities with a CRITICAL rating or those confirmed to be actively exploited by CISA.

CVSS 9

CVE-2026-45721

Target: Algernon - Web Server
CVSS 10

CVE-2026-42901

Target: Microsoft Entra ID
CVSS 10

CVE-2026-41104

Target: Microsoft Planetary Computer Pro - Deserialization Component
CVSS 9.3

CVE-2026-41090

Target: Microsoft Copilot
CVSS 9.1

CVE-2026-33843

Target: Microsoft Azure Active Directory B2C
CVSS 10

CVE-2026-23652

Target: Microsoft Power Pages
CVSS 9.6

CVE-2026-8670

Target: Avantra - Session Management
CVSS 9.8

CVE-2026-8398

Actively Exploited

Target: DAEMON Tools Lite - DTHelper.exe, DiscSoftBusServiceLite.exe, DTShellHlp.exe
CVSS 9.8

CVE-2026-44277

Target: FortiAuthenticator - Authentication Service
CVSS 9.8

CVE-2026-31217

Target: Optimate - Neural Magic Training
CVSS 8.8

CVE-2010-0806

Actively Exploited

Target: Microsoft Internet Explorer - Peer Objects component (iepeers.dll)
CVSS 9.8

CVE-2009-3555

Target: TLS/SSL Protocol - Various Implementations
CVSS 8.8

CVE-2009-1537

Actively Exploited

Target: Microsoft DirectX - QuickTime Movie Parser Filter
CVSS 9.8

CVE-2008-4250

Actively Exploited

Target: Windows - Server Service
CVSS 9.8

CVE-2026-7343

Target: Google Chrome - Views
CVSS 10

CVE-2026-35431

Target: Microsoft Entra ID - Entitlement Management
CVSS 10

CVE-2026-33819

Target: Microsoft Bing - Deserialization Component
CVSS 9.3

CVE-2026-32210

Target: Microsoft Dynamics 365 - Online Service
CVSS 9.6

CVE-2026-24303

Target: Microsoft Partner Center - Access Control Service
CVSS 9.8

CVE-2026-33519

Target: Esri Portal for ArcGIS - Authorization Service
CVSS 9.8

CVE-2026-33518

Target: Esri Portal for ArcGIS - Developer Credentials
CVSS 9.8

CVE-2017-15944

Actively Exploited

Target: PAN-OS - Management Interface
CVSS 7.8

CVE-2017-11882

Actively Exploited

Target: Microsoft Office - Microsoft Office Memory Corruption Vulnerability
CVSS 7.8

CVE-2017-11826

Actively Exploited

Target: Microsoft Office - Word
CVSS 7.8

CVE-2017-11774

Actively Exploited

Target: Microsoft Office - Outlook
CVSS 7.8

CVE-2017-8759

Actively Exploited

Target: Microsoft .NET Framework - .NET Framework Runtime
CVSS 7.5

CVE-2017-6627

Actively Exploited

Target: Cisco IOS - UDP Processing Code
CVSS 7.8

CVE-2015-2291

Actively Exploited

Target: Intel Ethernet diagnostics driver - IQVW32.sys/IQVW64.sys
CVSS 8.8

CVE-2017-6738

Actively Exploited

Target: Cisco IOS and IOS XE Software - SNMP Subsystem
CVSS 8.8

CVE-2017-6736

Actively Exploited

Target: Cisco IOS and IOS XE Software - SNMP Subsystem
CVSS 7.8

CVE-2017-8570

Actively Exploited

Target: Microsoft Office - Microsoft Office Core
CVSS 9.8

CVE-2017-8543

Actively Exploited

Target: Windows - Windows Search
CVSS 8.8

CVE-2017-8464

Actively Exploited

Target: Windows - Windows Shell
CVSS 7.8

CVE-2017-8540

Actively Exploited

Target: Microsoft Malware Protection Engine
CVSS 7.8

CVE-2017-0263

Actively Exploited

Target: Windows - Win32k Kernel-Mode Driver
CVSS 7.8

CVE-2017-0262

Actively Exploited

Target: Microsoft Office - Office Application
CVSS 7.8

CVE-2017-0261

Actively Exploited

Target: Microsoft Office - Office Application
CVSS 7.3

CVE-2017-0213

Actively Exploited

Target: Windows - COM Aggregate Marshaler
CVSS 7.8

CVE-2017-0199

Actively Exploited

Target: Microsoft Office - WordPad
CVSS 9.8

CVE-2017-3881

Actively Exploited

Target: Cisco IOS and Cisco IOS XE Software - Cluster Management Protocol (CMP)
CVSS 8.8

CVE-2017-0149

Actively Exploited

Target: Microsoft Internet Explorer - Browser Engine
CVSS 8.1

CVE-2017-0148

Actively Exploited

Target: Windows - SMBv1 Server
CVSS 7.5

CVE-2017-0147

Actively Exploited

Target: Windows - SMBv1 Server
CVSS 8.8

CVE-2017-0146

Actively Exploited

Target: Microsoft Windows - SMBv1 Server
CVSS 8.8

CVE-2017-0145

Actively Exploited

Target: Windows - SMBv1 Server
CVSS 8.8

CVE-2017-0144

Actively Exploited

Target: Microsoft Windows - SMBv1 Server
CVSS 8.8

CVE-2017-0143

Actively Exploited

Target: Microsoft Windows - SMBv1 Server
CVSS 7.8

CVE-2017-0101

Actively Exploited

Target: Windows - Transaction Manager
CVSS 7.8

CVE-2017-0005

Actively Exploited

Target: Windows - Graphics Device Interface (GDI)
CVSS 7.8

CVE-2017-0001

Actively Exploited

Target: Windows - Graphics Device Interface (GDI)
CVSS 8.1

CVE-2017-0037

Actively Exploited

Target: Microsoft Internet Explorer - mshtml.dll
CVSS 7.8

CVE-2016-7262

Actively Exploited

Target: Microsoft Office - Excel
CVSS 8.8

CVE-2016-7256

Actively Exploited

Target: Windows - Font Library (atmfd.dll)
CVSS 7.8

CVE-2016-7255

Actively Exploited

Target: Windows - Win32k Kernel Driver
CVSS 8.8

CVE-2016-7201

Actively Exploited

Target: Microsoft Edge - Chakra JavaScript Engine
CVSS 8.8

CVE-2016-7200

Actively Exploited

Target: Microsoft Edge - Chakra JavaScript Engine
CVSS 7.8

CVE-2016-7193

Actively Exploited

Target: Microsoft Office - Word
CVSS 7.8

CVE-2016-3393

Actively Exploited

Target: Windows - Graphics Device Interface (GDI)
CVSS 7.5

CVE-2016-6415

Actively Exploited

Target: Cisco IOS - IKEv1 Server Implementation
CVSS 7.8

CVE-2016-6367

Actively Exploited

Target: Cisco Adaptive Security Appliance (ASA) Software - CLI
CVSS 8.8

CVE-2016-6366

Actively Exploited

Target: Cisco Adaptive Security Appliance (ASA) Software - SNMP Service
CVSS 7.8

CVE-2016-3309

Actively Exploited

Target: Windows - Win32k Kernel-Mode Driver
CVSS 7.8

CVE-2016-3235

Actively Exploited

Target: Microsoft Visio - Visio Application
CVSS 7.5

CVE-2016-0189

Actively Exploited

Target: Internet Explorer - JScript and VBScript Engines
CVSS 7.8

CVE-2016-0185

Actively Exploited

Target: Windows - Media Center
CVSS 7.8

CVE-2016-0167

Actively Exploited

Target: Windows - Win32k Kernel-Mode Driver
CVSS 8.8

CVE-2016-1010

Actively Exploited

Target: Adobe Flash Player - Flash Player Component
CVSS 7.8

CVE-2016-0099

Actively Exploited

Target: Windows - Secondary Logon Service
CVSS 8.8

CVE-2016-0984

Actively Exploited

Target: Adobe Flash Player - Flash Player Plugin
CVSS 7.8

CVE-2016-0040

Actively Exploited

Target: Windows - Kernel
CVSS 8.8

CVE-2016-0034

Actively Exploited

Target: Microsoft Silverlight - Runtime
CVSS 8.8

CVE-2015-8651

Actively Exploited

Target: Adobe Flash Player - Core
CVSS 7.8

CVE-2015-6175

Actively Exploited

Target: Windows 10 - Kernel
CVSS 7.8

CVE-2015-7645

Actively Exploited

Target: Adobe Flash Player - Flash Player Plugin
CVSS 8.2

CVE-2015-2546

Actively Exploited

Target: Windows - Win32k Kernel-Mode Driver
CVSS 7.8

CVE-2015-2545

Actively Exploited

Target: Microsoft Office - Graphics Rendering Engine
CVSS 8.8

CVE-2015-2502

Actively Exploited

Target: Microsoft Internet Explorer
CVSS 7.8

CVE-2015-1642

Actively Exploited

Target: Microsoft Office - Document Parsing Component
CVSS 8.8

CVE-2015-2426

Actively Exploited

Target: Windows - Adobe Type Manager Library
CVSS 7.8

CVE-2015-2387

Actively Exploited

Target: Windows - Adobe Type Manager Font Driver
CVSS 8.8

CVE-2015-2425

Actively Exploited

Target: Microsoft Internet Explorer 11
CVSS 8.8

CVE-2015-2424

Actively Exploited

Target: Microsoft Office - PowerPoint/Word
CVSS 8.8

CVE-2015-2419

Actively Exploited

Target: Internet Explorer - JScript 9
CVSS 8.8

CVE-2015-2360

Actively Exploited

Target: Windows - win32k.sys
CVSS 8.8

CVE-2015-1770

Actively Exploited

Target: Microsoft Office - Office Core
CVSS 7.8

CVE-2015-1671

Actively Exploited

Target: Microsoft .NET Framework - Windows DirectWrite library
CVSS 7.8

CVE-2015-1701

Actively Exploited

Target: Windows - Win32k.sys
CVSS 7.8

CVE-2015-1641

Actively Exploited

Target: Microsoft Office - Word
CVSS 9.8

CVE-2015-1635

Actively Exploited

Target: Windows - HTTP.sys
CVSS 7.5

CVE-2015-0666

Actively Exploited

Target: Cisco Prime Data Center Network Manager (DCNM) - fmserver servlet
CVSS 7.8

CVE-2015-0016

Actively Exploited

Target: Windows - TS WebProxy
CVSS 8.8

CVE-2014-6324

Actively Exploited

Target: Windows - Kerberos Key Distribution Center (KDC)
CVSS 8.8

CVE-2014-6332

Actively Exploited

Target: Windows - OLE Automation
CVSS 7.8

CVE-2014-4077

Actively Exploited

Target: Microsoft Windows - IME for Japanese (IMJPDCT.EXE)
CVSS 7.8

CVE-2014-6352

Actively Exploited

Target: Microsoft Windows - OLE
CVSS 8.8

CVE-2014-4148

Actively Exploited

Target: Windows - win32k.sys
CVSS 7.8

CVE-2014-4114

Actively Exploited

Target: Microsoft Windows - OLE
CVSS 7.8

CVE-2014-4113

Actively Exploited

Target: Windows - win32k.sys Kernel Mode Driver
CVSS 8.8

CVE-2014-2817

Actively Exploited

Target: Microsoft Internet Explorer
CVSS 8.8

CVE-2014-1812

Actively Exploited

Target: Windows - Group Policy