Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Zyxel | P660HN-T1A Routers

CVE-2017-18368

Zyxel P660HN-T1A Routers Command Injection Vulnerability: Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remote_host parameter of the ViewLog.asp page.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-08-07
Due Date: 2023-08-28

Additional Notes

Ivanti | Endpoint Manager Mobile (EPMM)

CVE-2023-35081

Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability: Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions (if applicable).

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-07-31
Due Date: 2023-08-21

Additional Notes

Synacor | Zimbra Collaboration Suite (ZCS)

CVE-2023-37580

Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability: Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-07-27
Due Date: 2023-08-17

Additional Notes

Apple | Multiple Products

CVE-2023-38606

Apple Multiple Products Kernel Unspecified Vulnerability: Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-07-26
Due Date: 2023-08-16

Additional Notes

Ivanti | Endpoint Manager Mobile (EPMM)

CVE-2023-35078

Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability: Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-07-25
Due Date: 2023-08-15

Additional Notes

Adobe | ColdFusion

CVE-2023-38205

Adobe ColdFusion Improper Access Control Vulnerability: Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-07-20
Due Date: 2023-08-10

Additional Notes

Adobe | ColdFusion

CVE-2023-29298

Adobe ColdFusion Improper Access Control Vulnerability: Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-07-20
Due Date: 2023-08-10

Additional Notes

Citrix | NetScaler ADC and NetScaler Gateway

CVE-2023-3519

Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability: Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-07-19
Due Date: 2023-08-09

Additional Notes

Microsoft | Windows

CVE-2023-36884

Microsoft Windows Search Remote Code Execution Vulnerability: Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code execution.

Related CWE: CWE-362

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-07-17
Due Date: 2023-08-29

Additional Notes

SolarView | Compact

CVE-2022-29303

SolarView Compact Command Injection Vulnerability: SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product's web server.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Date Added: 2023-07-13
Due Date: 2023-08-03

Additional Notes

Apple | Multiple Products

CVE-2023-37450

Apple Multiple Products WebKit Code Execution Vulnerability: Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Date Added: 2023-07-13
Due Date: 2023-08-03

Additional Notes

Netwrix | Auditor

CVE-2022-31199

Netwrix Auditor Insecure Object Deserialization Vulnerability: Netwrix Auditor User Activity Video Recording component contains an insecure objection deserialization vulnerability that allows an unauthenticated, remote attacker to execute code as the NT AUTHORITY\SYSTEM user. Successful exploitation requires that the attacker is able to reach port 9004/TCP, which is commonly blocked by standard enterprise firewalling.

Related CWEs: CWE-502| CWE-122

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Date Added: 2023-07-11
Due Date: 2023-08-01

Additional Notes

Microsoft | Windows

CVE-2023-36874

Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability: Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Date Added: 2023-07-11
Due Date: 2023-08-01

Additional Notes

Microsoft | Outlook

CVE-2023-35311

Microsoft Outlook Security Feature Bypass Vulnerability: Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt.

Related CWE: CWE-367

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Date Added: 2023-07-11
Due Date: 2023-08-01

Additional Notes

Microsoft | Windows

CVE-2023-32049

Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability: Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Date Added: 2023-07-11
Due Date: 2023-08-01

Additional Notes

Microsoft | Windows

CVE-2023-32046

Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability: Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Date Added: 2023-07-11
Due Date: 2023-08-01

Additional Notes

Arm | Mali Graphics Processing Unit (GPU)

CVE-2021-29256

Arm Mali GPU Kernel Driver Use-After-Free Vulnerability: Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Date Added: 2023-07-07
Due Date: 2023-07-28

Additional Notes

Samsung | Mobile Devices

CVE-2021-25489

Samsung Mobile Devices Improper Input Validation Vulnerability: Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable

Date Added: 2023-06-29
Due Date: 2023-07-20

Additional Notes

D-Link | DWL-2600AP Access Point

CVE-2019-20500

D-Link DWL-2600AP Access Point Command Injection Vulnerability: D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Date Added: 2023-06-29
Due Date: 2023-07-20

Additional Notes

D-Link | DIR-859 Router

CVE-2019-17621

D-Link DIR-859 Router Command Execution Vulnerability: D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.

Date Added: 2023-06-29
Due Date: 2023-07-20

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates