Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | Windows

CVE-2022-22718

Microsoft Windows Print Spooler Privilege Escalation Vulnerability: Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-19
Due Date: 2022-05-10

Additional Notes

VMware | Multiple Products

CVE-2022-22960

VMware Multiple Products Privilege Escalation Vulnerability: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.

Related CWE: CWE-250

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-15
Due Date: 2022-05-06

Additional Notes

Google | Chromium V8

CVE-2022-1364

Google Chromium V8 Type Confusion Vulnerability: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-15
Due Date: 2022-05-06

Additional Notes

Crestron | Multiple Products

CVE-2019-3929

Crestron Multiple Products Command Injection Vulnerability: Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-15
Due Date: 2022-05-06

Additional Notes

D-Link | DNS-320 Storage Device

CVE-2019-16057

D-Link DNS-320 Remote Code Execution Vulnerability: The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-15
Due Date: 2022-05-06

Additional Notes

Schneider Electric | U.motion Builder

CVE-2018-7841

Schneider Electric U.motion Builder SQL Injection Vulnerability: A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-15
Due Date: 2022-05-06

Additional Notes

Trihedral | VTScada (formerly VTS)

CVE-2016-4523

Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability: The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS).

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-15
Due Date: 2022-05-06

Additional Notes

InduSoft | Web Studio

CVE-2014-0780

InduSoft Web Studio NTWebServer Directory Traversal Vulnerability: InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-15
Due Date: 2022-05-06

Additional Notes

Ubiquiti | AirOS

CVE-2010-5330

Ubiquiti AirOS Command Injection Vulnerability: Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-15
Due Date: 2022-05-06

Additional Notes

Alcatel | OmniPCX Enterprise

CVE-2007-3010

Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability: masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-15
Due Date: 2022-05-06

Additional Notes

VMware | Workspace ONE Access and Identity Manager

CVE-2022-22954

VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability: VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-04-14
Due Date: 2022-05-05

Additional Notes

Microsoft | Windows

CVE-2022-24521

Microsoft Windows CLFS Driver Privilege Escalation Vulnerability: Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.

Related CWEs: CWE-787| CWE-1285

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Drupal | Core

CVE-2018-7602

Drupal Core Remote Code Execution Vulnerability: A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Kaseya | Virtual System/Server Administrator (VSA)

CVE-2018-20753

Kaseya VSA Remote Code Execution Vulnerability: Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Adobe | Flash Player

CVE-2015-5123

Adobe Flash Player Use-After-Free Vulnerability: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Adobe | Flash Player

CVE-2015-5122

Adobe Flash Player Use-After-Free Vulnerability: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Adobe | Flash Player

CVE-2015-3113

Adobe Flash Player Heap-Based Buffer Overflow Vulnerability: Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Microsoft | Internet Explorer

CVE-2015-2502

Microsoft Internet Explorer Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Adobe | Flash Player

CVE-2015-0313

Adobe Flash Player Use-After-Free Vulnerability: Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Adobe | Flash Player

CVE-2015-0311

Adobe Flash Player Remote Code Execution Vulnerability: Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates