Security Bulletins

New Vulnerabilities Affecting Apache Server 2.4.49/2.4.50 – CVE-2021-41773 & CVE-2021-42013

October 8, 2021

Background On Tuesday, October 5, 2021, Apache released a patch advisory for CVE-2021-41773, a path traversal, and file disclosure vulnerability affecting Apache HTTP Server version

Critical Vulnerability in VMware vCenter Server – CVE-2021-22005

September 28, 2021

On Tuesday, September 21, 2021, VMware released a patch advisory for a new remote code execution (RCE) vulnerability in VMware vCenter Server tracked as CVE-2021-22005.

A Linux Servers with OMI Agent Actively Targeted in Campaign Exploiting CVE-2021-38647 RCE

September 20, 2021

Background On September 14, 2021, Microsoft released a patch advisory for CVE-2021-38647, a remote code execution (RCE) vulnerability affecting Open Management Infrastructure (OMI), an open-source

Microsoft Windows RCE Vulnerability Exploited in the Wild – CVE-2021-40444

September 16, 2021

On September 7, 2021, some threat-intel researchers were made aware of a new threat against Windows operating systems and Microsoft Office products. With the identifier

Active Campaign Targeting On-Premise Confluence Servers with New RCE Exploit – CVE-2021-26084

September 6, 2021

Background On August 25, 2021, Atlassian published an advisory for a vulnerability in its Confluence server titled “CVE-2021-26084: Atlassian Confluence OGNL Injection” CVE ID CVSS

ProxyToken: Authentication Bypass Vulnerability in On-Premises Microsoft Exchange

September 3, 2021

Background On August 30, 2021, Trend Micro’s Zero Day Initiative (ZDI) published a technical blog on CVE-2021-33766, a new vulnerability in Exchange also known as

Update on Windows PrintNightmare and Print Spooler Vulnerabilities

August 16, 2021

Background Microsoft has been dealing with a series of vulnerabilities in the Windows Print Spooler, a service that provides printer functionality on domain controllers —

Windows Local Security Authority (LSA) Spoofing Vulnerability “PetitPotam”

August 16, 2021

Background On Tuesday, August 10, 2021, as part of the Microsoft Patch Tuesday release, security updates were made available to address the publicly documented exploit

Critical Vulnerability in VMware vCenter Server – CVE-2021-21985

May 27, 2021

Background On May 25, 2021, VMware published a security advisory for a new remote code execution (RCE) vulnerability in VMware vCenter Server tracked as CVE-2021-21985.

Patch for Zero-Day Vulnerability in Pulse Connect Secure VPN Appliance Available – CVE-2021-22893

May 4, 2021

Background On April 20,2021 Ivanti, the parent company of Pulse Secure, released Pulse Connect Secure version 9.1R11.4 to address the zero-day vulnerability CVE-2021-22893, among 3

F5 BIG-IP RCE Vulnerability Actively Exploited in the Wild

March 23, 2021

Executive Summary On Wednesday, March 10, F5 released security updates for its BIG-IP & BIG-IQ product lines that addressed several vulnerabilities, including one unauthenticated remote

Microsoft Exchange Zero-Day Vulnerabilities Exploited in the Wild

March 1, 2021

Executive Summary On Tuesday, March 2, Microsoft released an out-of-band patch to address multiple remote code execution (RCE) vulnerabilities in Microsoft Exchange. Four of these

CVE-2021-24093 – RCE Vulnerability in Windows 10

March 1, 2021

Executive Summary On Tuesday, February 9, Microsoft released patches for multiple vulnerabilities as part of its monthly “Patch Tuesday Release,” including one RCE vulnerability in

CVE-2021-21972: RCE Vulnerability in VMware vCenter Server

February 25, 2021

Executive Summary On Tuesday, February 23, VMware released an advisory and patch for a new remote code execution (RCE) vulnerability in VMware vCenter Server tracked

New SQL Injection Vulnerability in SonicWall SMA Series 100 Appliances

February 4, 2021

Executive Summary On Friday, January 22, SonicWall publicly disclosed a coordinated attack on its internal systems that it believes involved zero-day vulnerabilities in a number

New Vulnerabilities Disclosed in SolarWinds Products

February 3, 2021

Executive Summary On Wednesday, February 3, researchers at security firm TrustWave released a blog post detailing a new remote code execution (RCE) vulnerability in the

Jan 2021 Patch Tuesday Vulnerabilities Exploited in the Wild

January 14, 2021

Background On Tuesday, January 12, 2021, Microsoft released patches for 83 vulnerabilities across several Microsoft products which included 10 critical severity vulnerabilities. What’s notable about

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

Platform

Concierge

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Incident Response Timelines

Expertise by Industry

Resource Center

Trending Resources

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

The Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

Join Arctic Wolf on an interactive journey to discover a better path past the hazards of the modern threat landscape.

CVE-2026-21858: Critical Unauthenticated File Access Vulnerability in n8n “Ni8mare”

CVE-2025-14847: MongoBleed Information Disclosure Vulnerability Exploited in the Wild

CVE-2025-20393: Threat Campaign Targeting Cisco Secure Email Gateway, Cisco Secure Email and Web Manager

Partners

Company

Careers

Press

Brand Partnerships

Arctic Wolf Networks 8939 Columbine Rd Eden Prairie, MN 55347

1.888.272.8429

© 2025 Arctic Wolf Networks Inc. All Rights Reserved.

Arctic Wolf Networks
8939 Columbine Rd
Eden Prairie, MN 55347