Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | Office

CVE-2017-0262

Microsoft Office Remote Code Execution Vulnerability: A remote code execution vulnerability exists in Microsoft Office.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Microsoft | SMBv1

CVE-2017-0145

Microsoft SMBv1 Remote Code Execution Vulnerability: The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Microsoft | SMBv1

CVE-2017-0144

Microsoft SMBv1 Remote Code Execution Vulnerability: The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Apache | ActiveMQ

CVE-2016-3088

Apache ActiveMQ Improper Input Validation Vulnerability: The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

D-Link | DIR-645 Router

CVE-2015-2051

D-Link DIR-645 Router Remote Code Execution Vulnerability: D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Microsoft | HTTP.sys

CVE-2015-1635

Microsoft HTTP.sys Remote Code Execution Vulnerability: Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Apple | OS X

CVE-2015-1130

Apple OS X Authentication Bypass Vulnerability: The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges.

Related CWE: CWE-254

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Apple | OS X

CVE-2014-4404

Apple OS X Heap-Based Buffer Overflow Vulnerability: Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Microsoft | Win32k

CVE-2022-21882

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-04
Due Date: 2022-02-18

Additional Notes

Apple | iOS and macOS

CVE-2022-22587

Apple Memory Corruption Vulnerability: Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges.

Related CWEs: CWE-20| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-28
Due Date: 2022-02-11

Additional Notes

SonicWall | SMA 100 Appliances

CVE-2021-20038

SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability: SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.

Related CWE: CWE-121

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-01-28
Due Date: 2022-02-11

Additional Notes

Grandstream | UCM6200

CVE-2020-5722

Grandstream Networks UCM6200 Series SQL Injection Vulnerability: Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-28
Due Date: 2022-07-28

Additional Notes

Microsoft | Windows

CVE-2020-0787

Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability: Microsoft Windows BITS is vulnerable to to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges.

Related CWEs: CWE-269| CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-01-28
Due Date: 2022-07-28

Additional Notes

Intel | Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability

CVE-2017-5689

Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability: Intel products contain a vulnerability which can allow attackers to perform privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-28
Due Date: 2022-07-28

Additional Notes

Microsoft | Internet Explorer

CVE-2014-1776

Microsoft Internet Explorer Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-28
Due Date: 2022-07-28

Additional Notes

GNU | Bourne-Again Shell (Bash)

CVE-2014-6271

GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-28
Due Date: 2022-07-28

Additional Notes

GNU | Bourne-Again Shell (Bash)

CVE-2014-7169

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-28
Due Date: 2022-07-28

Additional Notes

Apache | Struts 1

CVE-2006-1547

Apache Struts 1 ActionForm Denial-of-Service Vulnerability: ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS).

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-21
Due Date: 2022-07-21

Additional Notes

Apache | Struts 2

CVE-2012-0391

Apache Struts 2 Improper Input Validation Vulnerability: The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-21
Due Date: 2022-07-21

Additional Notes

Microsoft | Win32k

CVE-2018-8453

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges.

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-01-21
Due Date: 2022-07-21

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates