Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 61 - 80 of 1345
Microsoft | Windows

CVE-2018-8639

Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability: Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-03
  • Due Date: 2025-03-24
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2018-8639 ; https://nvd.nist.gov/vuln/detail/CVE-2018-8639
Cisco | Small Business RV Series Routers

CVE-2023-20118

Cisco Small Business RV Series Routers Command Injection Vulnerability: Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain root-level privileges and access unauthorized data.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-03
  • Due Date: 2025-03-24
Additional Notes
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5 ; https://nvd.nist.gov/vuln/detail/CVE-2023-20118
Hitachi Vantara | Pentaho Business Analytics (BA) Server

CVE-2022-43769

Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability: Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution.

Related CWE: CWE-74

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-03
  • Due Date: 2025-03-24
Additional Notes
https://support.pentaho.com/hc/en-us/articles/14455561548301--Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769 ; https://nvd.nist.gov/vuln/detail/CVE-2022-43769
Hitachi Vantara | Pentaho Business Analytics (BA) Server

CVE-2022-43939

Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability: Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization.

Related CWE: CWE-647

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-03
  • Due Date: 2025-03-24
Additional Notes
https://support.pentaho.com/hc/en-us/articles/14455394120333--Resolved-Pentaho-BA-Server-Use-of-Non-Canonical-URL-Paths-for-Authorization-Decisions-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43939- ; https://nvd.nist.gov/vuln/detail/CVE-2022-43939
Progress | WhatsUp Gold

CVE-2024-4885

Progress WhatsUp Gold Path Traversal Vulnerability: Progress WhatsUp Gold contains a path traversal vulnerability that allows an unauthenticated attacker to achieve remote code execution.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-03
  • Due Date: 2025-03-24
Additional Notes
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-4885
Synacor | Zimbra Collaboration Suite (ZCS)

CVE-2023-34192

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability: Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability that allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-25
  • Due Date: 2025-03-18
Additional Notes
https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2023-34192
Microsoft | Partner Center

CVE-2024-49035

Microsoft Partner Center Improper Access Control Vulnerability: Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-25
  • Due Date: 2025-03-18
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49035 ; https://nvd.nist.gov/vuln/detail/CVE-2024-49035
Oracle | Agile Product Lifecycle Management (PLM)

CVE-2024-20953

Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability: Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-24
  • Due Date: 2025-03-17
Additional Notes
https://www.oracle.com/security-alerts/cpujan2024.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-20953
Adobe | ColdFusion

CVE-2017-3066

Adobe ColdFusion Deserialization Vulnerability: Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-24
  • Due Date: 2025-03-17
Additional Notes
https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html ; https://nvd.nist.gov/vuln/detail/CVE-2017-3066
Microsoft | Power Pages

CVE-2025-24989

Microsoft Power Pages Improper Access Control Vulnerability: Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-21
  • Due Date: 2025-03-14
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-24989 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24989
Palo Alto Networks | PAN-OS

CVE-2025-0111

Palo Alto Networks PAN-OS File Read Vulnerability: Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the “nobody” user.

Related CWE: CWE-73

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-20
  • Due Date: 2025-03-13
Additional Notes
https://security.paloaltonetworks.com/CVE-2025-0111 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0111
Craft CMS | Craft CMS

CVE-2025-23209

Craft CMS Code Injection Vulnerability: Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately enabling remote code execution.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-20
  • Due Date: 2025-03-13
Additional Notes
https://github.com/craftcms/cms/security/advisories/GHSA-x684-96hh-833x ; https://nvd.nist.gov/vuln/detail/CVE-2025-23209
SonicWall | SonicOS

CVE-2024-53704

SonicWall SonicOS SSLVPN Improper Authentication Vulnerability: SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-18
  • Due Date: 2025-03-11
Additional Notes
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 ; https://nvd.nist.gov/vuln/detail/CVE-2024-53704
Palo Alto Networks | PAN-OS

CVE-2025-0108

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability: Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-18
  • Due Date: 2025-03-11
Additional Notes
https://security.paloaltonetworks.com/CVE-2025-0108 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0108
SimpleHelp | SimpleHelp

CVE-2024-57727

SimpleHelp Path Traversal Vulnerability: SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-13
  • Due Date: 2025-03-06
Additional Notes
https://simple-help.com/kb---security-vulnerabilities-01-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2024-57727
Apple | iOS and iPadOS

CVE-2025-24200

Apple iOS and iPadOS Incorrect Authorization Vulnerability: Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-12
  • Due Date: 2025-03-05
Additional Notes
https://support.apple.com/en-us/122173 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24200
Mitel | SIP Phones

CVE-2024-41710

Mitel SIP Phones Argument Injection Vulnerability: Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary commands within the context of the system.

Related CWE: CWE-88

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-12
  • Due Date: 2025-03-05
Additional Notes
https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0019-001-v2.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-41710
Zyxel | DSL CPE Devices

CVE-2024-40891

Zyxel DSL CPE OS Command Injection Vulnerability: Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.
  • Date Added: 2025-02-11
  • Due Date: 2025-03-04
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 ; https://www.zyxel.com/service-provider/global/en/security-advisories/zyxel-security-advisory-command-injection-insecure-in-certain-legacy-dsl-cpe-02-04-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40891
Microsoft | Windows

CVE-2025-21391

Microsoft Windows Storage Link Following Vulnerability: Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-11
  • Due Date: 2025-03-04
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21391 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21391
Microsoft | Windows

CVE-2025-21418

Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability: Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-11
  • Due Date: 2025-03-04
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21418

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now