Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Adobe | Flash Player

CVE-2012-0767

Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability: Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Flash Player

CVE-2010-1297

Adobe Flash Player Memory Corruption Vulnerability: Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Atlassian | Confluence Server/Data Center

CVE-2022-26134

Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability: Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution.

Related CWE: CWE-917

Known To Be Used in Ransomware Campaigns? Known

Action: Immediately block all internet traffic to and from affected products AND apply the update per vendor instructions [https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html] OR remove the affected products by the due date on the right. Note: Once the update is successfully deployed, agencies can reassess the internet blocking rules.

Date Added: 2022-06-02
Due Date: 2022-06-06

Additional Notes

Adobe | Flash Player and AIR

CVE-2016-0984

Adobe Flash Player and AIR Use-After-Free Vulnerability: Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted products are end-of-life and should be disconnected if still in use.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Microsoft | Windows

CVE-2014-4148

Microsoft Windows Remote Code Execution Vulnerability: A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Microsoft | Windows

CVE-2015-1671

Microsoft Windows Remote Code Execution Vulnerability: A remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts.

Related CWE: CWE-19

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Microsoft | Windows

CVE-2015-6175

Microsoft Windows Kernel Privilege Escalation Vulnerability: The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Adobe | Flash Player

CVE-2015-8651

Adobe Flash Player Integer Overflow Vulnerability: Integer overflow in Adobe Flash Player allows attackers to execute code.

Related CWE: CWE-189

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Mozilla | Firefox

CVE-2015-4495

Mozilla Firefox Security Feature Bypass Vulnerability: Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Microsoft | Windows

CVE-2015-1769

Microsoft Windows Mount Manager Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Microsoft | Internet Explorer

CVE-2015-2425

Microsoft Internet Explorer Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Microsoft | Win32k

CVE-2015-2360

Microsoft Win32k Privilege Escalation Vulnerability: Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service (DoS).

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Adobe | Flash Player and AIR

CVE-2016-1010

Adobe Flash Player and AIR Integer Overflow Vulnerability: Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code.

Related CWE: CWE-190

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted products are end-of-life and should be disconnected if still in use.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Oracle | Solaris

CVE-2019-3010

Oracle Solaris Privilege Escalation Vulnerability: Oracle Solaris component: XScreenSaver contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Microsoft | Windows

CVE-2016-3393

Microsoft Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability: A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. An attacker who successfully exploits this vulnerability could take control of the affected system.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Microsoft | Windows

CVE-2016-7256

Microsoft Windows Open Type Font Remote Code Execution Vulnerability: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Adobe | Flash Player

CVE-2015-0310

Adobe Flash Player ASLR Bypass Vulnerability: Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Microsoft | Windows

CVE-2015-0016

Microsoft Windows TS WebProxy Directory Traversal Vulnerability: Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Microsoft | Internet Explorer

CVE-2015-0071

Microsoft Internet Explorer ASLR Bypass Vulnerability: Microsoft Internet Explorer allows remote attackers to bypass the address space layout randomization (ASLR) protection mechanism via a crafted web site.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Microsoft | Silverlight

CVE-2016-0034

Microsoft Silverlight Runtime Remote Code Execution Vulnerability: Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service (DoS).

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted products are end-of-life and should be disconnected if still in use.

Date Added: 2022-05-25
Due Date: 2022-06-15

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates