Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 101 - 120 of 408
Filters:
Microsoft | Exchange Server

CVE-2022-41080

Microsoft Exchange Server Privilege Escalation Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2023-01-10
  • Due Date: 2023-01-31
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41080; https://nvd.nist.gov/vuln/detail/CVE-2022-41080
Microsoft | Defender

CVE-2022-44698

Microsoft Defender SmartScreen Security Feature Bypass Vulnerability: Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.

Related CWE: CWE-755

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-12-13
  • Due Date: 2023-01-03
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698; https://nvd.nist.gov/vuln/detail/CVE-2022-44698
Microsoft | Windows

CVE-2022-41049

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability: Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

Related CWE: CWE-274

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-14
  • Due Date: 2022-12-09
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41049; https://nvd.nist.gov/vuln/detail/CVE-2022-41049
Microsoft | Windows

CVE-2022-41128

Microsoft Windows Scripting Languages Remote Code Execution Vulnerability: Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-08
  • Due Date: 2022-12-09
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41128; https://nvd.nist.gov/vuln/detail/CVE-2022-41128
Microsoft | Windows

CVE-2022-41091

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability: Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-08
  • Due Date: 2022-12-09
Additional Notes
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41091; https://nvd.nist.gov/vuln/detail/CVE-2022-41091
Microsoft | Windows

CVE-2022-41073

Microsoft Windows Print Spooler Privilege Escalation Vulnerability: Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-08
  • Due Date: 2022-12-09
Additional Notes
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41073; https://nvd.nist.gov/vuln/detail/CVE-2022-41073
Microsoft | Windows

CVE-2022-41125

Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability: Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-08
  • Due Date: 2022-12-09
Additional Notes
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41125; https://nvd.nist.gov/vuln/detail/CVE-2022-41125
Microsoft | Windows COM+ Event System Service

CVE-2022-41033

Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability: Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-11
  • Due Date: 2022-11-01
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41033; https://nvd.nist.gov/vuln/detail/CVE-2022-41033
Microsoft | Exchange Server

CVE-2022-41040

Microsoft Exchange Server Server-Side Request Forgery Vulnerability: Microsoft Exchange Server allows for server-side request forgery. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-30
  • Due Date: 2022-10-21
Additional Notes
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/; https://nvd.nist.gov/vuln/detail/CVE-2022-41040
Microsoft | Exchange Server

CVE-2022-41082

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed "ProxyNotShell," this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-30
  • Due Date: 2022-10-21
Additional Notes
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/; https://nvd.nist.gov/vuln/detail/CVE-2022-41082
Microsoft | Windows

CVE-2010-2568

Microsoft Windows Remote Code Execution Vulnerability: Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-15
  • Due Date: 2022-10-06
Additional Notes
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046; https://nvd.nist.gov/vuln/detail/CVE-2010-2568
Microsoft | Windows

CVE-2022-37969

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability: Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Related CWEs: CWE-20| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-14
  • Due Date: 2022-10-05
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37969; https://nvd.nist.gov/vuln/detail/CVE-2022-37969
Microsoft | Active Directory

CVE-2022-26923

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability: An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM.

Related CWE: CWE-295

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-18
  • Due Date: 2022-09-08
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26923; https://nvd.nist.gov/vuln/detail/CVE-2022-26923
Microsoft | Windows

CVE-2022-34713

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability: A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-09
  • Due Date: 2022-08-30
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713; https://nvd.nist.gov/vuln/detail/CVE-2022-34713
Microsoft | Windows

CVE-2022-22047

Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability: Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges.

Related CWE: CWE-426

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-07-12
  • Due Date: 2022-08-02
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047; https://nvd.nist.gov/vuln/detail/CVE-2022-22047
Microsoft | Windows

CVE-2022-26925

Microsoft Windows LSA Spoofing Vulnerability: Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply remediation actions outlined in CISA guidance [https://www.cisa.gov/guidance-applying-june-microsoft-patch].
  • Date Added: 2022-07-01
  • Due Date: 2022-07-22
Additional Notes
WARNING: This update is required on all Microsoft Windows endpoints but if deployed to domain controllers without additional configuration changes the update breaks PIV/CAC authentication. Read CISA implementation guidance carefully before deploying to domain controllers.; https://nvd.nist.gov/vuln/detail/CVE-2022-26925
Microsoft | Windows

CVE-2022-30190

Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability: A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.

Related CWE: CWE-610

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-14
  • Due Date: 2022-07-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-30190
Microsoft | PowerPoint

CVE-2010-2572

Microsoft PowerPoint Buffer Overflow Vulnerability: Microsoft PowerPoint contains a buffer overflow vulnerability that alllows for remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-08
  • Due Date: 2022-06-22
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2010-2572
Adobe | Acrobat and Reader

CVE-2007-5659

Adobe Acrobat and Reader Buffer Overflow Vulnerability: Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-08
  • Due Date: 2022-06-22
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2007-5659

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now