Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

GeoVision | Multiple Devices

CVE-2024-6047

GeoVision Devices OS Command Injection Vulnerability: Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-05-07
Due Date: 2025-05-28

Additional Notes

GeoVision | Multiple Devices

CVE-2024-11120

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-05-07
Due Date: 2025-05-28

Additional Notes

Android | Framework

CVE-2024-43093

Android Framework Privilege Escalation Vulnerability: Android Framework contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-11-07
Due Date: 2024-11-28

Additional Notes

Android | Kernel

CVE-2024-36971

Android Kernel Remote Code Execution Vulnerability: Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, including but not limited to Android OS.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-08-07
Due Date: 2024-08-28

Additional Notes

Android | Pixel

CVE-2024-32896

Android Pixel Privilege Escalation Vulnerability: Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.

Related CWE: CWE-783

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-06-13
Due Date: 2024-07-04

Additional Notes

Android | Pixel

CVE-2024-29748

Android Pixel Privilege Escalation Vulnerability: Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app.

Related CWE: CWE-280

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-04-04
Due Date: 2024-04-25

Additional Notes

Android | Pixel

CVE-2024-29745

Android Pixel Information Disclosure Vulnerability: Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices.

Related CWE: CWE-908

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-04-04
Due Date: 2024-04-25

Additional Notes

Android | Pixel

CVE-2023-21237

Android Pixel Information Disclosure Vulnerability : Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sensitive information.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-03-05
Due Date: 2024-03-26

Additional Notes

Android | Framework

CVE-2023-35674

Android Framework Privilege Escalation Vulnerability: Android Framework contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-09-13
Due Date: 2023-10-04

Additional Notes

Android | Framework

CVE-2023-20963

Android Framework Privilege Escalation Vulnerability: Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed.

Related CWE: CWE-295

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-04-13
Due Date: 2023-05-04

Additional Notes

Zoho | ManageEngine

CVE-2022-28810

Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability: Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset.

Related CWEs: CWE-78| CWE-259

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-03-07
Due Date: 2023-03-28

Additional Notes

Zoho | ManageEngine

CVE-2022-47966

Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability: Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-01-23
Due Date: 2023-02-13

Additional Notes

Zoho | ManageEngine

CVE-2022-35405

Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability: Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-09-22
Due Date: 2022-10-13

Additional Notes

Android | Android OS

CVE-2011-1823

Android OS Privilege Escalation Vulnerability: The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor.

Related CWE: CWE-189

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-09-08
Due Date: 2022-09-29

Additional Notes

Android | Kernel

CVE-2021-1048

Android Kernel Use-After-Free Vulnerability: Android kernel contains a use-after-free vulnerability that allows for privilege escalation.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Android | Kernel

CVE-2021-0920

Android Kernel Race Condition Vulnerability: Android kernel contains a race condition, which allows for a use-after-free vulnerability. Exploitation can allow for privilege escalation.

Related CWEs: CWE-362| CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Zoho | Desktop Central

CVE-2021-44515

Zoho Desktop Central Authentication Bypass Vulnerability: Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2021-12-24

Additional Notes

Zoho | ManageEngine ServiceDesk Plus (SDP)

CVE-2021-37415

Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability: Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-01
Due Date: 2021-12-15

Additional Notes

Zoho | ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus

CVE-2021-44077

Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability: Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-01
Due Date: 2021-12-15

Additional Notes

Android | Android Kernel

CVE-2020-0041

Android Kernel Out-of-Bounds Write Vulnerability: Android Kernel binder_transaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0069 under exploit chain "AbstractEmu."

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates