Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Adobe | Reader and Acrobat

CVE-2014-0496

Adobe Reader and Acrobat Use-After-Free Vulnerability: Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.

Related CWE: CWE-399

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2015-3043

Adobe Flash Player Memory Corruption Vulnerability: A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Acrobat and Reader

CVE-2008-2992

Adobe Reader and Acrobat Input Validation Vulnerability: Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-24

Additional Notes

Adobe | Flash Player

CVE-2018-15982

Adobe Flash Player Use-After-Free Vulnerability: Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-02-15
Due Date: 2022-08-15

Additional Notes

Adobe | Commerce and Magento Open Source

CVE-2022-24086

Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability: Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-15
Due Date: 2022-03-01

Additional Notes

VMware | vRealize Operations Manager API

CVE-2021-21975

VMware Server Side Request Forgery in vRealize Operations Manager API: Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-01-18
Due Date: 2022-02-01

Additional Notes

VMware | vCenter Server

CVE-2021-22017

VMware vCenter Server Improper Access Control: Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.

Related CWE: CWE-23

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-10
Due Date: 2022-01-24

Additional Notes

Adobe | Acrobat and Reader

CVE-2021-21017

Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability: Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Adobe | Flash Player

CVE-2018-4878

Adobe Flash Player Use-After-Free Vulnerability: Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Adobe | ColdFusion

CVE-2018-15961

Adobe ColdFusion Unrestricted File Upload Vulnerability: Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.

Related CWE: CWE-434

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Adobe | ColdFusion

CVE-2018-4939

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability: Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Adobe | Acrobat and Reader

CVE-2021-28550

Adobe Acrobat and Reader Use-After-Free Vulnerability: Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

VMware | Multiple Products

CVE-2020-4006

Multiple VMware Products Command Injection Vulnerability: VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

VMware | vCenter Server

CVE-2021-21985

VMware vCenter Server Improper Input Validation Vulnerability: VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution.

Related CWEs: CWE-20| CWE-470| CWE-918

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

VMware | vCenter Server

CVE-2021-21972

VMware vCenter Server Remote Code Execution Vulnerability: VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system.

Related CWE: CWE-23

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

VMware | vCenter Server

CVE-2020-3952

VMware vCenter Server Information Disclosure Vulnerability: VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive information.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

VMware | vCenter Server

CVE-2021-22005

VMware vCenter Server File Upload Vulnerability: VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code.

Related CWE: CWE-23

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

VMware | Multiple Products

CVE-2020-3950

VMware Multiple Products Privilege Escalation Vulnerability: VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

VMware | ESXi

CVE-2020-3992

VMware ESXi OpenSLP Use-After-Free Vulnerability: VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

VMware | VMware ESXi and Horizon DaaS

CVE-2019-5544

VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability: VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates