Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Apple | iOS

CVE-2019-7287

Apple iOS Memory Corruption Vulnerability: Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

VMware | Spring Cloud Gateway

CVE-2022-22947

VMware Spring Cloud Gateway Code Injection Vulnerability: Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-16
Due Date: 2022-06-06

Additional Notes

Apple | Multiple Products

CVE-2021-1789

Apple Multiple Products Type Confusion Vulnerability: A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-04
Due Date: 2022-05-25

Additional Notes

Apple | Multiple Products

CVE-2019-8506

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-04
Due Date: 2022-05-25

Additional Notes

VMware | Multiple Products

CVE-2022-22960

VMware Multiple Products Privilege Escalation Vulnerability: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts.

Related CWE: CWE-250

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-15
Due Date: 2022-05-06

Additional Notes

VMware | Workspace ONE Access and Identity Manager

CVE-2022-22954

VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability: VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-04-14
Due Date: 2022-05-05

Additional Notes

Apple | macOS

CVE-2022-22675

Apple macOS Out-of-Bounds Write Vulnerability: macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.

Related CWEs: CWE-20| CWE-125

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-04
Due Date: 2022-04-25

Additional Notes

Apple | macOS

CVE-2022-22674

Apple macOS Out-of-Bounds Read Vulnerability: macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.

Related CWEs: CWE-20| CWE-125

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-04
Due Date: 2022-04-25

Additional Notes

VMware | Spring Framework

CVE-2022-22965

Spring Framework JDK 9+ Remote Code Execution Vulnerability: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-04
Due Date: 2022-04-25

Additional Notes

VMware | SD-WAN Edge

CVE-2018-6961

VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability: VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

VMware | vCenter Server and Cloud Foundation

CVE-2021-21973

VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability: VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure.

Related CWEs: CWE-20| CWE-918

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-07
Due Date: 2022-03-21

Additional Notes

Apple | iOS, iPadOS, and macOS

CVE-2022-22620

Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability: Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-11
Due Date: 2022-02-25

Additional Notes

Apple | OS X

CVE-2015-1130

Apple OS X Authentication Bypass Vulnerability: The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges.

Related CWE: CWE-254

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Apple | OS X

CVE-2014-4404

Apple OS X Heap-Based Buffer Overflow Vulnerability: Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-02-10
Due Date: 2022-08-10

Additional Notes

Apple | iOS and macOS

CVE-2022-22587

Apple Memory Corruption Vulnerability: Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges.

Related CWEs: CWE-20| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-28
Due Date: 2022-02-11

Additional Notes

VMware | vRealize Operations Manager API

CVE-2021-21975

VMware Server Side Request Forgery in vRealize Operations Manager API: Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-01-18
Due Date: 2022-02-01

Additional Notes

VMware | vCenter Server

CVE-2021-22017

VMware vCenter Server Improper Access Control: Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.

Related CWE: CWE-23

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-10
Due Date: 2022-01-24

Additional Notes

Apple | iOS, iPadOS, and macOS

CVE-2021-30858

Apple iOS, iPadOS, macOS Use-After-Free Vulnerability: Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Apple | iOS and macOS

CVE-2019-6223

Apple iOS and macOS Group Facetime Vulnerability: Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user interaction.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Apple | Multiple Products

CVE-2021-30860

Apple Multiple Products Integer Overflow Vulnerability: Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY.

Related CWEs: CWE-20| CWE-190

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates