Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | Windows

CVE-2021-43890

Microsoft Windows AppX Installer Spoofing Vulnerability: Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impacts to confidentiality, integrity, and availability.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-12-15
Due Date: 2021-12-29

Additional Notes

Google | Chromium V8

CVE-2021-4102

Google Chromium V8 Use-After-Free Vulnerability: Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-15
Due Date: 2021-12-29

Additional Notes

Zoho | Desktop Central

CVE-2021-44515

Zoho Desktop Central Authentication Bypass Vulnerability: Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2021-12-24

Additional Notes

Linux | Kernel

CVE-2019-13272

Linux Kernel Improper Privilege Management Vulnerability: Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability that allows local users to obtain root access.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2022-06-10

Additional Notes

Realtek | Jungle Software Development Kit (SDK)

CVE-2021-35394

Realtek Jungle SDK Remote Code Execution Vulnerability: RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.

Related CWEs: CWE-78| CWE-138

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2021-12-24

Additional Notes

Sonatype | Nexus Repository Manager

CVE-2019-7238

Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability: Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2022-06-10

Additional Notes

Apache | Solr

CVE-2019-0193

Apache Solr DataImportHandler Code Injection Vulnerability: The optional Apache Solr module DataImportHandler contains a code injection vulnerability.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2022-06-10

Additional Notes

Fortinet | FortiOS

CVE-2021-44168

Fortinet FortiOS Arbitrary File Download: Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files.

Related CWE: CWE-494

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2021-12-24

Additional Notes

Embedthis | GoAhead

CVE-2017-17562

Embedthis GoAhead Remote Code Execution Vulnerability: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2022-06-10

Additional Notes

Red Hat | JBoss Application Server

CVE-2017-12149

Red Hat JBoss Application Server Remote Code Execution Vulnerability: The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2022-06-10

Additional Notes

Red Hat | JBoss Seam 2

CVE-2010-1871

Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability: JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2022-06-10

Additional Notes

Fuel CMS | Fuel CMS

CVE-2020-17463

Fuel CMS SQL Injection Vulnerability: FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2022-06-10

Additional Notes

Pi-hole | AdminLTE

CVE-2020-8816

Pi-Hole AdminLTE Remote Code Execution Vulnerability: Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2022-06-10

Additional Notes

MongoDB | mongo-express

CVE-2019-10758

MongoDB mongo-express Remote Code Execution Vulnerability: mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2022-06-10

Additional Notes

Apache | Log4j2

CVE-2021-44228

Apache Log4j2 Remote Code Execution Vulnerability: Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.

Related CWEs: CWE-20| CWE-400| CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.

Date Added: 2021-12-10
Due Date: 2021-12-24

Additional Notes

Qualcomm | Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

CVE-2020-11261

Qualcomm Multiple Chipsets Improper Input Validation Vulnerability: Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-01
Due Date: 2022-06-01

Additional Notes

MikroTik | RouterOS

CVE-2018-14847

MikroTik Router OS Directory Traversal Vulnerability: MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-01
Due Date: 2022-06-01

Additional Notes

Zoho | ManageEngine ServiceDesk Plus (SDP)

CVE-2021-37415

Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability: Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-01
Due Date: 2021-12-15

Additional Notes

Apache | Apache

CVE-2021-40438

Apache HTTP Server-Side Request Forgery (SSRF): A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-01
Due Date: 2021-12-15

Additional Notes

Zoho | ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus

CVE-2021-44077

Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability: Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-01
Due Date: 2021-12-15

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates