Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 521 - 540 of 1345
Trend Micro | Apex One and Apex One as a Service

CVE-2022-40139

Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability: Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution.

Related CWEs: CWE-353| CWE-641

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-15
  • Due Date: 2022-10-06
Additional Notes
https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2022-40139
Apple | iOS, iPadOS, and macOS

CVE-2022-32917

Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability: Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges.

Related CWEs: CWE-20| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-14
  • Due Date: 2022-10-05
Additional Notes
https://support.apple.com/en-us/HT213445, https://support.apple.com/en-us/HT213444; https://nvd.nist.gov/vuln/detail/CVE-2022-32917
Microsoft | Windows

CVE-2022-37969

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability: Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Related CWEs: CWE-20| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-14
  • Due Date: 2022-10-05
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37969; https://nvd.nist.gov/vuln/detail/CVE-2022-37969
NETGEAR | Multiple Devices

CVE-2017-5521

NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability: Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions. If the affected device has since entered end-of-life, it should be disconnected if still in use.
  • Date Added: 2022-09-08
  • Due Date: 2022-09-29
Additional Notes
https://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability; https://nvd.nist.gov/vuln/detail/CVE-2017-5521
Google | Chromium Mojo

CVE-2022-3075

Google Chromium Mojo Insufficient Data Validation Vulnerability: Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-08
  • Due Date: 2022-09-29
Additional Notes
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3075; https://nvd.nist.gov/vuln/detail/CVE-2022-3075
QNAP | Photo Station

CVE-2022-27593

QNAP Photo Station Externally Controlled Reference Vulnerability: Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.

Related CWE: CWE-610

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-08
  • Due Date: 2022-09-29
Additional Notes
https://www.qnap.com/en/security-advisory/qsa-22-24; https://nvd.nist.gov/vuln/detail/CVE-2022-27593
D-Link | DIR-820L

CVE-2022-26258

D-Link DIR-820L Remote Code Execution Vulnerability: D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-09-08
  • Due Date: 2022-09-29
Additional Notes
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10295; https://nvd.nist.gov/vuln/detail/CVE-2022-26258
Apple | iOS, iPadOS, and macOS

CVE-2020-9934

Apple iOS, iPadOS, and macOS Input Validation Vulnerability: Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-08
  • Due Date: 2022-09-29
Additional Notes
https://support.apple.com/en-us/HT211288, https://support.apple.com/en-us/HT211289; https://nvd.nist.gov/vuln/detail/CVE-2020-9934
MikroTik | RouterOS

CVE-2018-7445

MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability: In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-08
  • Due Date: 2022-09-29
Additional Notes
https://www.coresecurity.com/core-labs/advisories/mikrotik-routeros-smb-buffer-overflow#vendor_update, https://mikrotik.com/download; https://nvd.nist.gov/vuln/detail/CVE-2018-7445
Android | Android OS

CVE-2011-1823

Android OS Privilege Escalation Vulnerability: The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor.

Related CWE: CWE-189

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-08
  • Due Date: 2022-09-29
Additional Notes
https://android.googlesource.com/platform/system/vold/+/c51920c82463b240e2be0430849837d6fdc5352e; https://nvd.nist.gov/vuln/detail/CVE-2011-1823
D-Link | Multiple Routers

CVE-2018-6530

D-Link Multiple Routers OS Command Injection Vulnerability: Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: The vendor D-Link published an advisory stating the fix under CVE-2018-20114 properly patches KEV entry CVE-2018-6530. If the device is still supported, apply updates per vendor instructions. If the affected device has since entered its end-of-life, it should be disconnected if still in use.
  • Date Added: 2022-09-08
  • Due Date: 2022-09-29
Additional Notes
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10105; https://nvd.nist.gov/vuln/detail/CVE-2018-6530
D-Link | DIR-300 Router

CVE-2011-4723

D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability: The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information.

Related CWE: CWE-310

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-09-08
  • Due Date: 2022-09-29
Additional Notes
https://www.dlink.com/uk/en/support/product/dir-300-wireless-g-router; https://nvd.nist.gov/vuln/detail/CVE-2011-4723
Fortinet | FortiOS and FortiADC

CVE-2018-13374

Fortinet FortiOS and FortiADC Improper Access Control Vulnerability: Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server.

Related CWE: CWE-732

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-08
  • Due Date: 2022-09-29
Additional Notes
https://www.fortiguard.com/psirt/FG-IR-18-157; https://nvd.nist.gov/vuln/detail/CVE-2018-13374
Oracle | WebLogic Server

CVE-2018-2628

Oracle WebLogic Server Unspecified Vulnerability: Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-08
  • Due Date: 2022-09-29
Additional Notes
https://www.oracle.com/security-alerts/cpuapr2018.html; https://nvd.nist.gov/vuln/detail/CVE-2018-2628
VMware Tanzu | Spring Cloud

CVE-2022-22963

VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability: When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-25
  • Due Date: 2022-09-15
Additional Notes
https://tanzu.vmware.com/security/cve-2022-22963; https://nvd.nist.gov/vuln/detail/CVE-2022-22963
dotCMS | dotCMS

CVE-2022-26352

dotCMS Unrestricted Upload of File Vulnerability: dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution.

Related CWEs: CWE-22| CWE-138

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-25
  • Due Date: 2022-09-15
Additional Notes
https://www.dotcms.com/security/SI-62; https://nvd.nist.gov/vuln/detail/CVE-2022-26352
WebRTC | WebRTC

CVE-2022-2294

WebRTC Heap Buffer Overflow Vulnerability: WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-25
  • Due Date: 2022-09-15
Additional Notes
https://groups.google.com/g/discuss-webrtc/c/5KBtZx2gvcQ; https://nvd.nist.gov/vuln/detail/CVE-2022-2294
Grafana Labs | Grafana

CVE-2021-39226

Grafana Authentication Bypass Vulnerability: Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-25
  • Due Date: 2022-09-15
Additional Notes
https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/; https://nvd.nist.gov/vuln/detail/CVE-2021-39226
Apache | CouchDB

CVE-2022-24706

Apache CouchDB Insecure Default Initialization of Resource Vulnerability: Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.

Related CWE: CWE-1188

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-25
  • Due Date: 2022-09-15
Additional Notes
https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00; https://nvd.nist.gov/vuln/detail/CVE-2022-24706

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now