Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | Internet Explorer Scripting Engine

CVE-2018-8373

Microsoft Scripting Engine Memory Corruption Vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

VMware | SD-WAN Edge

CVE-2018-6961

VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability: VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

LG | N1A1 NAS

CVE-2018-14839

LG N1A1 NAS Remote Command Execution Vulnerability: LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

VMware Tanzu | Spring Data Commons

CVE-2018-1273

VMware Tanzu Spring Data Commons Property Binder Vulnerability: Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Quest | KACE System Management Appliance

CVE-2018-11138

Quest KACE System Management Appliance Remote Command Execution Vulnerability: The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Cisco | Secure Access Control System (ACS)

CVE-2018-0147

Cisco Secure Access Control System Java Deserialization Vulnerability: A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Cisco | VPN Routers

CVE-2018-0125

Cisco VPN Routers Remote Code Execution Vulnerability: A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

NETGEAR | DGN2200 Devices

CVE-2017-6334

NETGEAR DGN2200 Devices OS Command Injection Vulnerability: dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Citrix | NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server

CVE-2017-6316

Citrix Multiple Products Remote Code Execution Vulnerability: A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also affects XenMobile Server.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Cisco | IOS and IOS XE

CVE-2017-3881

Cisco IOS and IOS XE Remote Code Execution Vulnerability: A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Apache | Tomcat

CVE-2017-12617

Apache Tomcat Remote Code Execution Vulnerability: When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Related CWE: CWE-434

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Apache | Tomcat

CVE-2017-12615

Apache Tomcat on Windows Remote Code Execution Vulnerability: When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Related CWE: CWE-434

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Microsoft | Windows

CVE-2017-0146

Microsoft Windows SMB Remote Code Execution Vulnerability: The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Adobe | Flash Player

CVE-2016-7892

Adobe Flash Player Use-After-Free Vulnerability: Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Adobe | Flash Player

CVE-2016-4171

Adobe Flash Player Remote Code Execution Vulnerability: Unspecified vulnerability in Adobe Flash Player allows for remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

NETGEAR | Wireless Access Point (WAP) Devices

CVE-2016-1555

NETGEAR Multiple WAP Devices Command Injection Vulnerability: Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

D-Link | DCS-930L Devices

CVE-2016-11021

D-Link DCS-930L Devices OS Command Injection Vulnerability: setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

NETGEAR | WNR2000v5 Router

CVE-2016-10174

NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability: The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Rails | Ruby on Rails

CVE-2016-0752

Ruby on Rails Directory Traversal Vulnerability: Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Arcserve | Unified Data Protection (UDP)

CVE-2015-4068

Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability: Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates