Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 61 - 74 of 74
Filters:
Adobe | Reader and Acrobat

CVE-2013-3346

Adobe Reader and Acrobat Memory Corruption Vulnerability: Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-3346
Adobe | Reader

CVE-2013-0641

Adobe Reader Buffer Overflow Vulnerability: A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-0641
Adobe | Reader and Acrobat

CVE-2013-0640

Adobe Reader and Acrobat Memory Corruption Vulnerability: An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-0640
Adobe | ColdFusion

CVE-2013-0632

Adobe ColdFusion Authentication Bypass Vulnerability: An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2013-0632
Adobe | Flash Player

CVE-2011-0611

Adobe Flash Player Remote Code Execution Vulnerability: Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2011-0611
Adobe | Reader and Acrobat

CVE-2010-0188

Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability: Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2010-0188
Adobe | Acrobat and Reader

CVE-2008-2992

Adobe Reader and Acrobat Input Validation Vulnerability: Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2008-2992
Adobe | Flash Player

CVE-2018-15982

Adobe Flash Player Use-After-Free Vulnerability: Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-02-15
  • Due Date: 2022-08-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-15982
Adobe | Commerce and Magento Open Source

CVE-2022-24086

Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability: Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-15
  • Due Date: 2022-03-01
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-24086
Adobe | Acrobat and Reader

CVE-2021-21017

Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability: Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-21017
Adobe | Flash Player

CVE-2018-4878

Adobe Flash Player Use-After-Free Vulnerability: Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-4878
Adobe | ColdFusion

CVE-2018-15961

Adobe ColdFusion Unrestricted File Upload Vulnerability: Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.

Related CWE: CWE-434

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-15961
Adobe | ColdFusion

CVE-2018-4939

Adobe ColdFusion Deserialization of Untrusted Data Vulnerability: Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2018-4939
Adobe | Acrobat and Reader

CVE-2021-28550

Adobe Acrobat and Reader Use-After-Free Vulnerability: Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-28550

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now