Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | Office

CVE-2023-23397

Microsoft Office Outlook Privilege Escalation Vulnerability: Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.

Related CWE: CWE-294

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-03-14
Due Date: 2023-04-04

Additional Notes

Plex | Media Server

CVE-2020-5741

Plex Media Server Remote Code Execution Vulnerability: Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-03-10
Due Date: 2023-03-31

Additional Notes

XStream | XStream

CVE-2021-39144

XStream Remote Code Execution Vulnerability: XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command on the server. This vulnerability can affect multiple products, including but not limited to VMware Cloud Foundation.

Related CWEs: CWE-94| CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-03-10
Due Date: 2023-03-31

Additional Notes

Apache | Spark

CVE-2022-33891

Apache Spark Command Injection Vulnerability: Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-03-07
Due Date: 2023-03-28

Additional Notes

Zoho | ManageEngine

CVE-2022-28810

Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability: Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset.

Related CWEs: CWE-78| CWE-259

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-03-07
Due Date: 2023-03-28

Additional Notes

Teclib | GLPI

CVE-2022-35914

Teclib GLPI Remote Code Execution Vulnerability: Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed.

Related CWE: CWE-74

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-03-07
Due Date: 2023-03-28

Additional Notes

ZK Framework | AuUploader

CVE-2022-36537

ZK Framework AuUploader Unspecified Vulnerability: ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager.

Related CWE: CWE-441

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-02-27
Due Date: 2023-03-20

Additional Notes

Mitel | MiVoice Connect

CVE-2022-40765

Mitel MiVoice Connect Command Injection Vulnerability: The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-02-21
Due Date: 2023-03-14

Additional Notes

Mitel | MiVoice Connect

CVE-2022-41223

Mitel MiVoice Connect Code Injection Vulnerability: The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-02-21
Due Date: 2023-03-14

Additional Notes

IBM | Aspera Faspex

CVE-2022-47986

IBM Aspera Faspex Code Execution Vulnerability: IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-02-21
Due Date: 2023-03-14

Additional Notes

Cacti | Cacti

CVE-2022-46169

Cacti Command Injection Vulnerability: Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code.

Related CWE: CWE-74

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-02-16
Due Date: 2023-03-09

Additional Notes

Microsoft | Windows

CVE-2023-23376

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability: Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-02-14
Due Date: 2023-03-07

Additional Notes

Microsoft | Office

CVE-2023-21715

Microsoft Office Publisher Security Feature Bypass Vulnerability: Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-02-14
Due Date: 2023-03-07

Additional Notes

Apple | Multiple Products

CVE-2023-23529

Apple Multiple Products WebKit Type Confusion Vulnerability: Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-02-14
Due Date: 2023-03-07

Additional Notes

Microsoft | Windows

CVE-2023-21823

Microsoft Windows Graphic Component Privilege Escalation Vulnerability: Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-190

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-02-14
Due Date: 2023-03-07

Additional Notes

Intel | Ethernet Diagnostics Driver for Windows

CVE-2015-2291

Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability: Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS).

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-02-10
Due Date: 2023-03-03

Additional Notes

TerraMaster | TerraMaster OS

CVE-2022-24990

TerraMaster OS Remote Command Execution Vulnerability: TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-02-10
Due Date: 2023-03-03

Additional Notes

Fortra | GoAnywhere MFT

CVE-2023-0669

Fortra GoAnywhere MFT Remote Code Execution Vulnerability: Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-02-10
Due Date: 2023-03-03

Additional Notes

SugarCRM | Multiple Products

CVE-2023-22952

Multiple SugarCRM Products Remote Code Execution Vulnerability: Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-02-02
Due Date: 2023-02-23

Additional Notes

Oracle | E-Business Suite

CVE-2022-21587

Oracle E-Business Suite Unspecified Vulnerability: Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-02-02
Due Date: 2023-02-23

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates