Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | Windows

CVE-2023-21823

Microsoft Windows Graphic Component Privilege Escalation Vulnerability: Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-190

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-02-14
Due Date: 2023-03-07

Additional Notes

Apple | Multiple Products

CVE-2023-23529

Apple Multiple Products WebKit Type Confusion Vulnerability: Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-02-14
Due Date: 2023-03-07

Additional Notes

Microsoft | Windows

CVE-2023-23376

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability: Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-02-14
Due Date: 2023-03-07

Additional Notes

Microsoft | Office

CVE-2023-21715

Microsoft Office Publisher Security Feature Bypass Vulnerability: Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-02-14
Due Date: 2023-03-07

Additional Notes

Fortra | GoAnywhere MFT

CVE-2023-0669

Fortra GoAnywhere MFT Remote Code Execution Vulnerability: Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-02-10
Due Date: 2023-03-03

Additional Notes

TerraMaster | TerraMaster OS

CVE-2022-24990

TerraMaster OS Remote Command Execution Vulnerability: TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-02-10
Due Date: 2023-03-03

Additional Notes

Intel | Ethernet Diagnostics Driver for Windows

CVE-2015-2291

Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability: Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS).

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-02-10
Due Date: 2023-03-03

Additional Notes

SugarCRM | Multiple Products

CVE-2023-22952

Multiple SugarCRM Products Remote Code Execution Vulnerability: Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-02-02
Due Date: 2023-02-23

Additional Notes

Oracle | E-Business Suite

CVE-2022-21587

Oracle E-Business Suite Unspecified Vulnerability: Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-02-02
Due Date: 2023-02-23

Additional Notes

Telerik | User Interface (UI) for ASP.NET AJAX

CVE-2017-11357

Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability: Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-01-26
Due Date: 2023-02-16

Additional Notes

Zoho | ManageEngine

CVE-2022-47966

Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability: Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-01-23
Due Date: 2023-02-13

Additional Notes

CWP | Control Web Panel

CVE-2022-44877

CWP Control Web Panel OS Command Injection Vulnerability: CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-01-17
Due Date: 2023-02-07

Additional Notes

Microsoft | Exchange Server

CVE-2022-41080

Microsoft Exchange Server Privilege Escalation Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-01-10
Due Date: 2023-01-31

Additional Notes

Microsoft | Windows

CVE-2023-21674

Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability: Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-01-10
Due Date: 2023-01-31

Additional Notes

TIBCO | JasperReports

CVE-2018-18809

TIBCO JasperReports Library Directory Traversal Vulnerability: TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access contents of the host system.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-12-29
Due Date: 2023-01-19

Additional Notes

TIBCO | JasperReports

CVE-2018-5430

TIBCO JasperReports Server Information Disclosure Vulnerability: TIBCO JasperReports Server contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-12-29
Due Date: 2023-01-19

Additional Notes

Apple | iOS

CVE-2022-42856

Apple iOS Type Confusion Vulnerability: Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-12-14
Due Date: 2023-01-04

Additional Notes

Microsoft | Defender

CVE-2022-44698

Microsoft Defender SmartScreen Security Feature Bypass Vulnerability: Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.

Related CWE: CWE-755

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-12-13
Due Date: 2023-01-03

Additional Notes

Fortinet | FortiOS

CVE-2022-42475

Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability: Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

Related CWE: CWE-197

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-12-13
Due Date: 2023-01-03

Additional Notes

Veeam | Backup & Replication

CVE-2022-26500

Veeam Backup & Replication Remote Code Execution Vulnerability: The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-12-13
Due Date: 2023-01-03

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates