Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Hewlett Packard (HP) | OpenView Network Node Manager

CVE-2005-2773

HP OpenView Network Node Manager Remote Code Execution Vulnerability: HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

SonicWall | SonicOS

CVE-2020-5135

SonicWall SonicOS Buffer Overflow Vulnerability: A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-1405

Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-1322

Microsoft Windows Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-1315

Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-1253

Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Win32k

CVE-2019-1132

Microsoft Win32k Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-1129

Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Task Scheduler

CVE-2019-1069

Microsoft Task Scheduler Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-1064

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-0841

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-0543

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Win32k

CVE-2018-8120

Microsoft Win32k Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2017-0101

Microsoft Windows Transaction Manager Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2016-3309

Microsoft Windows Kernel Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Win32k

CVE-2015-2546

Microsoft Win32k Memory Corruption Vulnerability: The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Mozilla | Firefox

CVE-2022-26486

Mozilla Firefox Use-After-Free Vulnerability: Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-07
Due Date: 2022-03-21

Additional Notes

Mozilla | Firefox

CVE-2022-26485

Mozilla Firefox Use-After-Free Vulnerability: Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-07
Due Date: 2022-03-21

Additional Notes

VMware | vCenter Server and Cloud Foundation

CVE-2021-21973

VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability: VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.

Related CWEs: CWE-20| CWE-918

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-07
Due Date: 2022-03-21

Additional Notes

Pulse Secure | Pulse Connect Secure

CVE-2020-8218

Pulse Connect Secure Code Injection Vulnerability: A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to crafted a URI to perform an arbitrary code execution via the admin web interface.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-07
Due Date: 2022-09-07

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates