Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | Kerberos Key Distribution Center (KDC)

CVE-2014-6324

Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability: The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Rejetto | HTTP File Server (HFS)

CVE-2014-6287

Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability: The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Elastic | Elasticsearch

CVE-2014-3120

Elasticsearch Remote Code Execution Vulnerability: Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Rails | Ruby on Rails

CVE-2014-0130

Ruby on Rails Directory Traversal Vulnerability: Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

D-Link | DSL-2760U

CVE-2013-5223

D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability: A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Hewlett Packard (HP) | ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management

CVE-2013-4810

HP Multiple Products Remote Code Execution Vulnerability: HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Apache | Struts

CVE-2013-2251

Apache Struts Improper Input Validation Vulnerability: Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

PHP | PHP

CVE-2012-1823

PHP-CGI Query String Parameter Vulnerability: sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Exim | Exim

CVE-2010-4345

Exim Privilege Escalation Vulnerability: Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Exim | Exim

CVE-2010-4344

Exim Heap-Based Buffer Overflow Vulnerability: Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Cisco | IOS XR

CVE-2010-3035

Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability: Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Adobe | ColdFusion

CVE-2010-2861

Adobe ColdFusion Directory Traversal Vulnerability: A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Cisco | IOS XR

CVE-2009-2055

Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability: Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

phpMyAdmin | phpMyAdmin

CVE-2009-1151

phpMyAdmin Remote Code Execution Vulnerability: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Adobe | Reader and Acrobat

CVE-2009-0927

Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability: Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Hewlett Packard (HP) | OpenView Network Node Manager

CVE-2005-2773

HP OpenView Network Node Manager Remote Code Execution Vulnerability: HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

SonicWall | SonicOS

CVE-2020-5135

SonicWall SonicOS Buffer Overflow Vulnerability: A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-1405

Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-1322

Microsoft Windows Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-1315

Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates