Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | Windows

CVE-2019-1129

Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Task Scheduler

CVE-2019-1069

Microsoft Task Scheduler Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-1064

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-0841

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2019-0543

Microsoft Windows Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Win32k

CVE-2018-8120

Microsoft Win32k Privilege Escalation Vulnerability: A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2017-0101

Microsoft Windows Transaction Manager Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Windows

CVE-2016-3309

Microsoft Windows Kernel Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Microsoft | Win32k

CVE-2015-2546

Microsoft Win32k Memory Corruption Vulnerability: The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-15
Due Date: 2022-04-05

Additional Notes

Adobe | ColdFusion

CVE-2013-0631

Adobe ColdFusion Information Disclosure Vulnerability: Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-07
Due Date: 2022-09-07

Additional Notes

Adobe | ColdFusion

CVE-2013-0629

Adobe ColdFusion Directory Traversal Vulnerability: Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-07
Due Date: 2022-09-07

Additional Notes

Adobe | ColdFusion

CVE-2013-0625

Adobe ColdFusion Authentication Bypass Vulnerability: Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access.

Related CWE: CWE-255

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-07
Due Date: 2022-09-07

Additional Notes

Adobe | BlazeDS

CVE-2009-3960

Adobe BlazeDS Information Disclosure Vulnerability: Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-07
Due Date: 2022-09-07

Additional Notes

Adobe | Flash Player

CVE-2017-11292

Adobe Flash Player Type Confusion Vulnerability: Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2016-7855

Adobe Flash Player Use-After-Free Vulnerability: Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2016-4117

Adobe Flash Player Arbitrary Code Execution Vulnerability: An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2016-1019

Adobe Flash Player Arbitrary Code Execution Vulnerability: Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code.

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2015-7645

Adobe Flash Player Arbitrary Code Execution Vulnerability: Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2015-5119

Adobe Flash Player Use-After-Free Vulnerability: A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2015-3043

Adobe Flash Player Memory Corruption Vulnerability: A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates