Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 1 - 20 of 33
Filters:
SAP | NetWeaver

CVE-2025-42999

SAP NetWeaver Deserialization Vulnerability: SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-05-15
  • Due Date: 2025-06-05
Additional Notes
SAP users must have an account to log in and access the patch: https://me.sap.com/notes/3604119 ; https://nvd.nist.gov/vuln/detail/CVE-2025-42999
SAP | NetWeaver

CVE-2025-31324

SAP NetWeaver Unrestricted File Upload Vulnerability: SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.

Related CWE: CWE-434

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-04-29
  • Due Date: 2025-05-20
Additional Notes
https://me.sap.com/notes/3594142 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31324
SAP | NetWeaver

CVE-2017-12637

SAP NetWeaver Directory Traversal Vulnerability: SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-19
  • Due Date: 2025-04-09
Additional Notes
SAP users must have an account to log in and access the patch: https://me.sap.com/notes/3476549 ; https://nvd.nist.gov/vuln/detail/CVE-2017-12637
Android | Framework

CVE-2024-43093

Android Framework Privilege Escalation Vulnerability: Android Framework contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-07
  • Due Date: 2024-11-28
Additional Notes
https://source.android.com/docs/security/bulletin/2024-11-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43093
SAP | Commerce Cloud

CVE-2019-0344

SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability: SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-09-30
  • Due Date: 2024-10-21
Additional Notes
https://web.archive.org/web/20191214053020/https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 ; https://nvd.nist.gov/vuln/detail/CVE-2019-0344
Android | Kernel

CVE-2024-36971

Android Kernel Remote Code Execution Vulnerability: Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, including but not limited to Android OS.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-07
  • Due Date: 2024-08-28
Additional Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://source.android.com/docs/security/bulletin/2024-08-01, https://lore.kernel.org/linux-cve-announce/20240610090330.1347021-2-lee@kernel.org/T/#u ; https://nvd.nist.gov/vuln/detail/CVE-2024-36971
Android | Pixel

CVE-2024-32896

Android Pixel Privilege Escalation Vulnerability: Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.

Related CWE: CWE-783

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-06-13
  • Due Date: 2024-07-04
Additional Notes
https://source.android.com/docs/security/bulletin/pixel/2024-06-01; https://nvd.nist.gov/vuln/detail/CVE-2024-32896
Android | Pixel

CVE-2024-29748

Android Pixel Privilege Escalation Vulnerability: Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app.

Related CWE: CWE-280

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-04-04
  • Due Date: 2024-04-25
Additional Notes
https://source.android.com/docs/security/bulletin/pixel/2024-04-01; https://nvd.nist.gov/vuln/detail/CVE-2024-29748
Android | Pixel

CVE-2024-29745

Android Pixel Information Disclosure Vulnerability: Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices.

Related CWE: CWE-908

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-04-04
  • Due Date: 2024-04-25
Additional Notes
https://source.android.com/docs/security/bulletin/pixel/2024-04-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29745
Android | Pixel

CVE-2023-21237

Android Pixel Information Disclosure Vulnerability : Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sensitive information.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-03-05
  • Due Date: 2024-03-26
Additional Notes
https://source.android.com/docs/security/bulletin/pixel/2023-06-01; https://nvd.nist.gov/vuln/detail/CVE-2023-21237
F5 | BIG-IP Configuration Utility

CVE-2023-46748

F5 BIG-IP Configuration Utility SQL Injection Vulnerability: F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-10-31
  • Due Date: 2023-11-21
Additional Notes
https://my.f5.com/manage/s/article/K000137365 ; https://nvd.nist.gov/vuln/detail/CVE-2023-46748
F5 | BIG-IP Configuration Utility

CVE-2023-46747

F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability: F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748.

Related CWE: CWE-288

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-10-31
  • Due Date: 2023-11-21
Additional Notes
https://my.f5.com/manage/s/article/K000137353; https://nvd.nist.gov/vuln/detail/CVE-2023-46747
Android | Framework

CVE-2023-35674

Android Framework Privilege Escalation Vulnerability: Android Framework contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-13
  • Due Date: 2023-10-04
Additional Notes
https://source.android.com/docs/security/bulletin/2023-09-01; https://nvd.nist.gov/vuln/detail/CVE-2023-35674
Android | Framework

CVE-2023-20963

Android Framework Privilege Escalation Vulnerability: Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed.

Related CWE: CWE-295

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-04-13
  • Due Date: 2023-05-04
Additional Notes
https://source.android.com/docs/security/bulletin/2023-03-01; https://nvd.nist.gov/vuln/detail/CVE-2023-20963
Android | Android OS

CVE-2011-1823

Android OS Privilege Escalation Vulnerability: The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor.

Related CWE: CWE-189

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-09-08
  • Due Date: 2022-09-29
Additional Notes
https://android.googlesource.com/platform/system/vold/+/c51920c82463b240e2be0430849837d6fdc5352e; https://nvd.nist.gov/vuln/detail/CVE-2011-1823
SAP | Multiple Products

CVE-2022-22536

SAP Multiple Products HTTP Request Smuggling Vulnerability: SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the victim or poisoning intermediary Web caches.

Related CWE: CWE-444

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-18
  • Due Date: 2022-09-08
Additional Notes
SAP users must have an account in order to login and access the patch. https://accounts.sap.com/saml2/idp/sso; https://nvd.nist.gov/vuln/detail/CVE-2022-22536
SAP | NetWeaver

CVE-2016-2388

SAP NetWeaver Information Disclosure Vulnerability: The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-09
  • Due Date: 2022-06-30
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-2388
SAP | NetWeaver

CVE-2016-2386

SAP NetWeaver SQL Injection Vulnerability: SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-09
  • Due Date: 2022-06-30
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-2386
SAP | NetWeaver

CVE-2021-38163

SAP NetWeaver Unrestricted File Upload Vulnerability: SAP NetWeaver contains a vulnerability that allows unrestricted file upload.

Related CWE: CWE-23

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-09
  • Due Date: 2022-06-30
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-38163
Android | Kernel

CVE-2021-0920

Android Kernel Race Condition Vulnerability: Android kernel contains a race condition, which allows for a use-after-free vulnerability. Exploitation can allow for privilege escalation.

Related CWEs: CWE-362| CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-23
  • Due Date: 2022-06-13
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-0920

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now