Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Adobe | Reader and Acrobat

CVE-2013-2729

Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability: Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.

Related CWE: CWE-189

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Internet Explorer

CVE-2013-2551

Microsoft Internet Explorer Use-After-Free Vulnerability: Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Oracle | Java SE

CVE-2013-2465

Oracle Java SE Unspecified Vulnerability: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to 2D

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Mozilla | Firefox and Thunderbird

CVE-2013-1690

Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability: Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execute malicious code via a crafted web site.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Oracle | Java SE

CVE-2012-5076

Oracle Java SE Sandbox Bypass Vulnerability: The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Word

CVE-2012-2539

Microsoft Word Remote Code Execution Vulnerability: Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.

Related CWE: CWE-399

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Adobe | Flash Player

CVE-2012-2034

Adobe Flash Player Memory Corruption Vulnerability: Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS).

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Oracle | Fusion Middleware

CVE-2012-0518

Oracle Fusion Middleware Unspecified Vulnerability: Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors

Related CWE: CWE-601

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Ancillary Function Driver (afd.sys)

CVE-2011-2005

Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability: afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Windows

CVE-2010-4398

Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability: Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-21

Additional Notes

WatchGuard | Firebox and XTM Appliances

CVE-2022-26318

WatchGuard Firebox and XTM Appliances Arbitrary Code Execution: On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Mitel | MiCollab, MiVoice Business Express

CVE-2022-26143

MiCollab, MiVoice Business Express Access Control Vulnerability: A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system.

Related CWEs: CWE-306| CWE-406

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Microsoft | Windows

CVE-2022-21999

Microsoft Windows Print Spooler Privilege Escalation Vulnerability: Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.

Related CWEs: CWE-40| CWE-1386

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Sitecore | XP

CVE-2021-42237

Sitecore XP Remote Command Execution Vulnerability: Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Citrix | ShareFile

CVE-2021-22941

Citrix ShareFile Improper Access Control Vulnerability: Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

D-Link | DIR-610 Devices

CVE-2020-9377

D-Link DIR-610 Devices Remote Command Execution: D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Zyxel | Multiple Network-Attached Storage (NAS) Devices

CVE-2020-9054

Zyxel Multiple NAS Devices OS Command Injection Vulnerability: Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

OpenBSD | OpenSMTPD

CVE-2020-7247

OpenSMTPD Remote Code Execution Vulnerability: smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.

Related CWEs: CWE-755| CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

VMware Tanzu | Spring Cloud Configuration (Config) Server

CVE-2020-5410

VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability: Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.

Related CWE: CWE-23

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Sophos | SG UTM

CVE-2020-25223

Sophos SG UTM Remote Code Execution Vulnerability: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates