Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

D-Link | DIR-610 Devices

CVE-2020-9377

D-Link DIR-610 Devices Remote Command Execution: D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Zyxel | Multiple Network-Attached Storage (NAS) Devices

CVE-2020-9054

Zyxel Multiple NAS Devices OS Command Injection Vulnerability: Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

OpenBSD | OpenSMTPD

CVE-2020-7247

OpenSMTPD Remote Code Execution Vulnerability: smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.

Related CWEs: CWE-755| CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

VMware Tanzu | Spring Cloud Configuration (Config) Server

CVE-2020-5410

VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability: Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.

Related CWE: CWE-23

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Sophos | SG UTM

CVE-2020-25223

Sophos SG UTM Remote Code Execution Vulnerability: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

QNAP Systems | Helpdesk

CVE-2020-2506

QNAP Helpdesk Improper Access Control Vulnerability: QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Palo Alto Networks | PAN-OS

CVE-2020-2021

Palo Alto Networks PAN-OS Authentication Bypass Vulnerability: Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.

Related CWE: CWE-347

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Apache | Kylin

CVE-2020-1956

Apache Kylin OS Command Injection Vulnerability: Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Juniper | Junos OS

CVE-2020-1631

Juniper Junos OS Path Traversal Vulnerability: A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution.

Related CWEs: CWE-22| CWE-73

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Drupal | Core

CVE-2019-6340

Drupal Core Remote Code Execution Vulnerability: In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Oracle | BI Publisher (Formerly XML Publisher)

CVE-2019-2616

Oracle BI Publisher Unauthorized Access Vulnerability: Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for authentication bypass.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

D-Link | Multiple Routers

CVE-2019-16920

D-Link Multiple Routers Command Injection Vulnerability: Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Webmin | Webmin

CVE-2019-15107

Webmin Command Injection Vulnerability: An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Citrix | SD-WAN and NetScaler

CVE-2019-12991

Citrix SD-WAN and NetScaler Command Injection Vulnerability: Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Citrix | SD-WAN and NetScaler

CVE-2019-12989

Citrix SD-WAN and NetScaler SQL Injection Vulnerability: Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

PHP | FastCGI Process Manager (FPM)

CVE-2019-11043

PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability: In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Kentico | Xperience

CVE-2019-10068

Kentico Xperience Deserialization of Untrusted Data Vulnerability: Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Jenkins | Matrix Project Plugin

CVE-2019-1003030

Jenkins Matrix Project Plugin Remote Code Execution Vulnerability: Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Microsoft | Graphics Device Interface (GDI)

CVE-2019-0903

Microsoft GDI Remote Code Execution Vulnerability: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Microsoft | Windows

CVE-2018-8414

Microsoft Windows Shell Remote Code Execution Vulnerability: A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates