Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Apache | RocketMQ

CVE-2023-33246

Apache RocketMQ Command Execution Vulnerability: Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as or achieve the same effect by forging the RocketMQ protocol content.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-09-06
Due Date: 2023-09-27

Additional Notes

Adobe | ColdFusion

CVE-2023-26359

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability: Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-08-21
Due Date: 2023-09-11

Additional Notes

Adobe | ColdFusion

CVE-2023-29298

Adobe ColdFusion Improper Access Control Vulnerability: Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-07-20
Due Date: 2023-08-10

Additional Notes

Adobe | ColdFusion

CVE-2023-38205

Adobe ColdFusion Improper Access Control Vulnerability: Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-07-20
Due Date: 2023-08-10

Additional Notes

Apache | Tomcat

CVE-2016-8735

Apache Tomcat Remote Code Execution Vulnerability: Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-05-12
Due Date: 2023-06-02

Additional Notes

Apache | Log4j2

CVE-2021-45046

Apache Log4j2 Deserialization of Untrusted Data Vulnerability: Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations.

Related CWE: CWE-917

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-05-01
Due Date: 2023-05-22

Additional Notes

Adobe | ColdFusion

CVE-2023-26360

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability: Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-03-15
Due Date: 2023-04-05

Additional Notes

Apache | Spark

CVE-2022-33891

Apache Spark Command Injection Vulnerability: Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-03-07
Due Date: 2023-03-28

Additional Notes

Apache | CouchDB

CVE-2022-24706

Apache CouchDB Insecure Default Initialization of Resource Vulnerability: Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.

Related CWE: CWE-1188

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-08-25
Due Date: 2022-09-15

Additional Notes

Apache | APISIX

CVE-2022-24112

Apache APISIX Authentication Bypass Vulnerability: Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution.

Related CWE: CWE-290

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-08-25
Due Date: 2022-09-15

Additional Notes

Adobe | Acrobat and Reader

CVE-2018-4990

Adobe Acrobat and Reader Double Free Vulnerability: Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution.

Related CWE: CWE-415

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader, Flash Player

CVE-2009-1862

Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability: Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Flash Player

CVE-2012-5054

Adobe Flash Player Integer Overflow Vulnerability: Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.

Related CWE: CWE-189

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Flash Player

CVE-2012-0767

Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability: Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Flash Player

CVE-2012-0754

Adobe Flash Player Memory Corruption Vulnerability: Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2011-2462

Adobe Acrobat and Reader Universal 3D Memory Corruption Vulnerability: The Universal 3D (U3D) component in Adobe Acrobat and Reader contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Flash Player

CVE-2011-0609

Adobe Flash Player Unspecified Vulnerability: Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2009-3953

Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability: Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2007-5659

Adobe Acrobat and Reader Buffer Overflow Vulnerability: Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Adobe | Acrobat and Reader

CVE-2008-0655

Adobe Acrobat and Reader Unspecified Vulnerability: Adobe Acrobat and Reader contains an unespecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates