Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Cybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and ResilienceCybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
  • About
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    CISA GitHub
    CISA Central
    Contact Us
    Subscribe
    Transparency and Accountability
    Policies & Plans

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. Known Exploited Vulnerabilities Catalog
Share:

Filters

  • Accellion
  • Qlik
  • CrushFTP
  • OSGeo
  • ServiceNow
  • Dahua
  • PTZOptics
  • CyberPersons
  • Cleo
  • Reolink
  • NUUO
  • BeyondTrust
  • Paessler
  • Hitachi Vantara
  • Advantive
  • Commvault
  • GeoVision
  • Unitronics
  • FXC
  • Spreadsheet::ParseExcel
  • Joomla!
  • ConnectWise
  • Sunhillo
  • Nice
  • NextGen Healthcare
  • Justice AV Solutions
  • Check Point
  • (-) Remove filterPHP Group
  • Twilio
  • Acronis
  • Versa
  • Kingsoft
  • ScienceLogic
  • Nostromo
  • Metabase
  • (-) Remove filterArray Networks
  • North Grid
  • ProjectSend
  • Acclaim Systems
  • JQuery
  • Audinate
  • 7-Zip
  • Trimble
  • SimpleHelp
  • Craft CMS
  • tj-actions
  • NAKIVO
  • Edimax
  • reviewdog
  • Gladinet
  • Broadcom
  • Qualitia
  • Yiiframework
  • Langflow
  • FreeType
  • ownCloud
  • Adobe
  • Alcatel
  • Amcrest
  • (-) Remove filterAndroid
  • Apache
  • Apple
  • Arcadyan
  • Arcserve
  • Arm
  • Artifex
  • Atlassian
  • Aviatrix
  • Barracuda Networks
  • BQE
  • Cacti
  • ChakraCore
  • Checkbox
  • Cisco
  • Citrix
  • Code Aurora
  • Crestron
  • CWP
  • D-Link
  • D-Link and TRENDnet
  • Dasan
  • Dell
  • Delta Electronics
  • Docker
  • dotCMS
  • DotNetNuke (DNN)
  • DrayTek
  • Drupal
  • Elastic
  • Embedthis
  • Exim
  • EyesOfNetwork
  • F5
  • FatPipe
  • ForgeRock
  • Fortinet
  • Fortra
  • Fuel CMS
  • GIGABYTE
  • GitLab
  • GNU
  • Google
  • Grafana Labs
  • Grandstream
  • Hewlett Packard (HP)
  • Hikvision
  • IBM
  • IETF
  • Ignite Realtime
  • ImageMagick
  • InduSoft
  • Intel
  • Ivanti
  • Jenkins
  • JetBrains
  • Juniper
  • Kaseya
  • Kentico
  • Laravel
  • LG
  • Liferay
  • Linux
  • McAfee
  • MediaTek
  • Meta Platforms
  • Micro Focus
  • Microsoft
  • MikroTik
  • MinIO
  • Mitel
  • MongoDB
  • Mozilla
  • Nagios
  • NETGEAR
  • Netis
  • Netwrix
  • Novi Survey
  • Npm package
  • October CMS
  • OpenBSD
  • OpenSSL
  • Oracle
  • Palo Alto Networks
  • PaperCut
  • PEAR
  • Perl
  • PHP
  • phpMyAdmin
  • PHPUnit
  • Pi-hole
  • PlaySMS
  • Plex
  • Primetek
  • Progress
  • Pulse Secure
  • QNAP
  • QNAP Systems
  • Qualcomm
  • Quest
  • Rails
  • RARLAB
  • rConfig
  • Realtek
  • Red Hat
  • Redis
  • Rejetto
  • Roundcube
  • Ruckus Wireless
  • SaltStack
  • Samba
  • Samsung
  • SAP
  • Schneider Electric
  • Siemens
  • SIMalliance
  • Sitecore
  • SolarView
  • SolarWinds
  • Sonatype
  • SonicWall
  • Sophos
  • Sudo
  • SugarCRM
  • Sumavision
  • Symantec
  • Synacor
  • SysAid
  • TeamViewer
  • Teclib
  • Telerik
  • Tenda
  • TerraMaster
  • ThinkPHP
  • TIBCO
  • TP-Link
  • Treck TCP/IP stack
  • Trend Micro
  • Trihedral
  • TVT
  • Ubiquiti
  • Unraid
  • vBulletin
  • Veeam
  • Veritas
  • VMware
  • VMware Tanzu
  • WatchGuard
  • WebKitGTK
  • Webmin
  • WebRTC
  • WordPress
  • WSO2
  • XStream
  • Yealink
  • Zabbix
  • ZK Framework
  • Zoho
  • Zyxel
No result
Reset

Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License


Showing 1 - 15 of 15
Filters:
  • (-) Remove filterPHP Group
  • (-) Remove filterArray Networks
  • (-) Remove filterAndroid
  • Clear all filters
Array Networks | AG/vxAG ArrayOS

CVE-2023-28461

Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability: Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-25
  • Due Date: 2024-12-16
Additional Notes
https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2023-28461
Android | Framework

CVE-2024-43093

Android Framework Privilege Escalation Vulnerability: Android Framework contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-07
  • Due Date: 2024-11-28
Additional Notes
https://source.android.com/docs/security/bulletin/2024-11-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43093
Android | Kernel

CVE-2024-36971

Android Kernel Remote Code Execution Vulnerability: Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, including but not limited to Android OS.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-07
  • Due Date: 2024-08-28
Additional Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://source.android.com/docs/security/bulletin/2024-08-01, https://lore.kernel.org/linux-cve-announce/20240610090330.1347021-2-lee@kernel.org/T/#u ; https://nvd.nist.gov/vuln/detail/CVE-2024-36971
Android | Pixel

CVE-2024-32896

Android Pixel Privilege Escalation Vulnerability: Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.

Related CWE: CWE-783

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-06-13
  • Due Date: 2024-07-04
Additional Notes
https://source.android.com/docs/security/bulletin/pixel/2024-06-01; https://nvd.nist.gov/vuln/detail/CVE-2024-32896
PHP Group | PHP

CVE-2024-4577

PHP-CGI OS Command Injection Vulnerability: PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-06-12
  • Due Date: 2024-07-03
Additional Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://www.php.net/ChangeLog-8.php#; https://nvd.nist.gov/vuln/detail/CVE-2024-4577
Android | Pixel

CVE-2024-29748

Android Pixel Privilege Escalation Vulnerability: Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app.

Related CWE: CWE-280

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-04-04
  • Due Date: 2024-04-25
Additional Notes
https://source.android.com/docs/security/bulletin/pixel/2024-04-01; https://nvd.nist.gov/vuln/detail/CVE-2024-29748
Android | Pixel

CVE-2024-29745

Android Pixel Information Disclosure Vulnerability: Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices.

Related CWE: CWE-908

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-04-04
  • Due Date: 2024-04-25
Additional Notes
https://source.android.com/docs/security/bulletin/pixel/2024-04-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29745
Android | Pixel

CVE-2023-21237

Android Pixel Information Disclosure Vulnerability : Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sensitive information.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-03-05
  • Due Date: 2024-03-26
Additional Notes
https://source.android.com/docs/security/bulletin/pixel/2023-06-01; https://nvd.nist.gov/vuln/detail/CVE-2023-21237
Android | Framework

CVE-2023-35674

Android Framework Privilege Escalation Vulnerability: Android Framework contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-13
  • Due Date: 2023-10-04
Additional Notes
https://source.android.com/docs/security/bulletin/2023-09-01; https://nvd.nist.gov/vuln/detail/CVE-2023-35674
Android | Framework

CVE-2023-20963

Android Framework Privilege Escalation Vulnerability: Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed.

Related CWE: CWE-295

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-04-13
  • Due Date: 2023-05-04
Additional Notes
https://source.android.com/docs/security/bulletin/2023-03-01; https://nvd.nist.gov/vuln/detail/CVE-2023-20963
Android | Android OS

CVE-2011-1823

Android OS Privilege Escalation Vulnerability: The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor.

Related CWE: CWE-189

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-08
  • Due Date: 2022-09-29
Additional Notes
https://android.googlesource.com/platform/system/vold/+/c51920c82463b240e2be0430849837d6fdc5352e; https://nvd.nist.gov/vuln/detail/CVE-2011-1823
Android | Kernel

CVE-2021-1048

Android Kernel Use-After-Free Vulnerability: Android kernel contains a use-after-free vulnerability that allows for privilege escalation.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-23
  • Due Date: 2022-06-13
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-1048
Android | Kernel

CVE-2021-0920

Android Kernel Race Condition Vulnerability: Android kernel contains a race condition, which allows for a use-after-free vulnerability. Exploitation can allow for privilege escalation.

Related CWEs: CWE-362| CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-23
  • Due Date: 2022-06-13
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-0920
Android | Android Kernel

CVE-2019-2215

Android Kernel Use-After-Free Vulnerability: Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain "AbstractEmu."

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-2215
Android | Android Kernel

CVE-2020-0041

Android Kernel Out-of-Bounds Write Vulnerability: Android Kernel binder_transaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0069 under exploit chain "AbstractEmu."

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-0041

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now
Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback