Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Adobe | Flash Player

CVE-2014-0497

Adobe Flash Player Integer Underflow Vulnerablity: Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code.

Related CWE: CWE-191

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Date Added: 2024-09-17
Due Date: 2024-10-08

Additional Notes

Adobe | Flash Player

CVE-2013-0643

Adobe Flash Player Incorrect Default Permissions Vulnerability: Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Date Added: 2024-09-17
Due Date: 2024-10-08

Additional Notes

Adobe | Flash Player

CVE-2013-0648

Adobe Flash Player Code Execution Vulnerability: Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Date Added: 2024-09-17
Due Date: 2024-10-08

Additional Notes

Adobe | Flash Player

CVE-2014-0502

Adobe Flash Player Double Free Vulnerablity: Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code.

Related CWE: CWE-399

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Date Added: 2024-09-17
Due Date: 2024-10-08

Additional Notes

Microsoft | Windows

CVE-2024-43461

Microsoft Windows MSHTML Platform Spoofing Vulnerability: Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112.

Related CWE: CWE-451

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-09-16
Due Date: 2024-10-07

Additional Notes

Progress | WhatsUp Gold

CVE-2024-6670

Progress WhatsUp Gold SQL Injection Vulnerability: Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-09-16
Due Date: 2024-10-07

Additional Notes

Ivanti | Cloud Services Appliance

CVE-2024-8190

Ivanti Cloud Services Appliance OS Command Injection Vulnerability: Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.

Date Added: 2024-09-13
Due Date: 2024-10-04

Additional Notes

Microsoft | Publisher

CVE-2024-38226

Microsoft Publisher Protection Mechanism Failure Vulnerability: Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.

Related CWE: CWE-693

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-09-10
Due Date: 2024-10-01

Additional Notes

Microsoft | Windows

CVE-2024-38014

Microsoft Windows Installer Improper Privilege Management Vulnerability: Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-09-10
Due Date: 2024-10-01

Additional Notes

Microsoft | Windows

CVE-2024-38217

Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability: Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.

Related CWE: CWE-693

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-09-10
Due Date: 2024-10-01

Additional Notes

ImageMagick | ImageMagick

CVE-2016-3714

ImageMagick Improper Input Validation Vulnerability: ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-09-09
Due Date: 2024-09-30

Additional Notes

Linux | Kernel

CVE-2017-1000253

Linux Kernel PIE Stack Buffer Corruption Vulnerability : Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary() that allows a local attacker to escalate privileges.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-09-09
Due Date: 2024-09-30

Additional Notes

SonicWall | SonicOS

CVE-2024-40766

SonicWall SonicOS Improper Access Control Vulnerability: SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-09-09
Due Date: 2024-09-30

Additional Notes

DrayTek | VigorConnect

CVE-2021-20123

Draytek VigorConnect Path Traversal Vulnerability : Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-09-03
Due Date: 2024-09-24

Additional Notes

DrayTek | VigorConnect

CVE-2021-20124

Draytek VigorConnect Path Traversal Vulnerability : Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-09-03
Due Date: 2024-09-24

Additional Notes

Kingsoft | WPS Office

CVE-2024-7262

Kingsoft WPS Office Path Traversal Vulnerability: Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-09-03
Due Date: 2024-09-24

Additional Notes

Google | Chromium V8

CVE-2024-7965

Google Chromium V8 Inappropriate Implementation Vulnerability: Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-358

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-08-28
Due Date: 2024-09-18

Additional Notes

Apache | OFBiz

CVE-2024-38856

Apache OFBiz Incorrect Authorization Vulnerability: Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-08-27
Due Date: 2024-09-17

Additional Notes

Google | Chromium V8

CVE-2024-7971

Google Chromium V8 Type Confusion Vulnerability: Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-08-26
Due Date: 2024-09-16

Additional Notes

Versa | Director

CVE-2024-39717

Versa Director Dangerous File Type Upload Vulnerability: The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an image.

Related CWE: CWE-434

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-08-23
Due Date: 2024-09-13

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates