Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Apache | Spark

CVE-2022-33891

Apache Spark Command Injection Vulnerability: Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-03-07
Due Date: 2023-03-28

Additional Notes

D-Link | DIR-300 Router

CVE-2011-4723

D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability: The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information.

Related CWE: CWE-310

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-09-08
Due Date: 2022-09-29

Additional Notes

D-Link | Multiple Routers

CVE-2018-6530

D-Link Multiple Routers OS Command Injection Vulnerability: Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: The vendor D-Link published an advisory stating the fix under CVE-2018-20114 properly patches KEV entry CVE-2018-6530. If the device is still supported, apply updates per vendor instructions. If the affected device has since entered its end-of-life, it should be disconnected if still in use.

Date Added: 2022-09-08
Due Date: 2022-09-29

Additional Notes

D-Link | DIR-820L

CVE-2022-26258

D-Link DIR-820L Remote Code Execution Vulnerability: D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-09-08
Due Date: 2022-09-29

Additional Notes

Apache | CouchDB

CVE-2022-24706

Apache CouchDB Insecure Default Initialization of Resource Vulnerability: Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges.

Related CWE: CWE-1188

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-08-25
Due Date: 2022-09-15

Additional Notes

Apache | APISIX

CVE-2022-24112

Apache APISIX Authentication Bypass Vulnerability: Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution.

Related CWE: CWE-290

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-08-25
Due Date: 2022-09-15

Additional Notes

D-Link | DNS-320 Storage Device

CVE-2019-16057

D-Link DNS-320 Remote Code Execution Vulnerability: The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-15
Due Date: 2022-05-06

Additional Notes

D-Link | Multiple Routers

CVE-2021-45382

D-Link Multiple Routers Remote Code Execution Vulnerability: A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-04
Due Date: 2022-04-25

Additional Notes

Apache | Tomcat

CVE-2017-12617

Apache Tomcat Remote Code Execution Vulnerability: When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Related CWE: CWE-434

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

D-Link | DIR-610 Devices

CVE-2020-9377

D-Link DIR-610 Devices Remote Command Execution: D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

D-Link | Multiple Routers

CVE-2019-16920

D-Link Multiple Routers Command Injection Vulnerability: Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

D-Link | DCS-930L Devices

CVE-2016-11021

D-Link DCS-930L Devices OS Command Injection Vulnerability: setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

D-Link | DSL-2760U

CVE-2013-5223

D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability: A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Apache | Struts

CVE-2013-2251

Apache Struts Improper Input Validation Vulnerability: Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Apache | Tomcat

CVE-2017-12615

Apache Tomcat on Windows Remote Code Execution Vulnerability: When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

Related CWE: CWE-434

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Apache | Kylin

CVE-2020-1956

Apache Kylin OS Command Injection Vulnerability: Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Apache | Tomcat

CVE-2020-1938

Apache Tomcat Improper Privilege Management Vulnerability: Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-03
Due Date: 2022-03-17

Additional Notes

Apache | Struts 1

CVE-2017-9791

Apache Struts 1 Improper Input Validation Vulnerability: The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

D-Link | DIR-645 Router

CVE-2015-2051

D-Link DIR-645 Router Remote Code Execution Vulnerability: D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Apache | ActiveMQ

CVE-2016-3088

Apache ActiveMQ Improper Input Validation Vulnerability: The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates