Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

QNAP Systems | Helpdesk

CVE-2020-2506

QNAP Helpdesk Improper Access Control Vulnerability: QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Palo Alto Networks | PAN-OS

CVE-2020-2021

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability: Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.

Related CWE: CWE-347

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Apache | Kylin

CVE-2020-1956

Apache Kylin OS Command Injection Vulnerability: Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Juniper | Junos OS

CVE-2020-1631

Juniper Junos OS Path Traversal Vulnerability: A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution.

Related CWEs: CWE-22| CWE-73

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Drupal | Core

CVE-2019-6340

Drupal Core Remote Code Execution Vulnerability: In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Oracle | BI Publisher (Formerly XML Publisher)

CVE-2019-2616

Oracle BI Publisher Unauthorized Access Vulnerability: Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for authentication bypass.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

D-Link | Multiple Routers

CVE-2019-16920

D-Link Multiple Routers Command Injection Vulnerability: Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Webmin | Webmin

CVE-2019-15107

Webmin Command Injection Vulnerability: An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Citrix | SD-WAN and NetScaler

CVE-2019-12991

Citrix SD-WAN and NetScaler Command Injection Vulnerability: Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Citrix | SD-WAN and NetScaler

CVE-2019-12989

Citrix SD-WAN and NetScaler SQL Injection Vulnerability: Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

PHP | FastCGI Process Manager (FPM)

CVE-2019-11043

PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability: In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Kentico | Xperience

CVE-2019-10068

Kentico Xperience Deserialization of Untrusted Data Vulnerability: Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Jenkins | Matrix Project Plugin

CVE-2019-1003030

Jenkins Matrix Project Plugin Remote Code Execution Vulnerability: Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Microsoft | Graphics Device Interface (GDI)

CVE-2019-0903

Microsoft GDI Remote Code Execution Vulnerability: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Microsoft | Windows

CVE-2018-8414

Microsoft Windows Shell Remote Code Execution Vulnerability: A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Microsoft | Internet Explorer Scripting Engine

CVE-2018-8373

Microsoft Scripting Engine Memory Corruption Vulnerability: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

VMware | SD-WAN Edge

CVE-2018-6961

VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability: VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

LG | N1A1 NAS

CVE-2018-14839

LG N1A1 NAS Remote Command Execution Vulnerability: LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

VMware Tanzu | Spring Data Commons

CVE-2018-1273

VMware Tanzu Spring Data Commons Property Binder Vulnerability: Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Quest | KACE System Management Appliance

CVE-2018-11138

Quest KACE System Management Appliance Remote Command Execution Vulnerability: The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates