Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Cybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and ResilienceCybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
  • About
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    CISA GitHub
    CISA Central
    Contact Us
    Subscribe
    Transparency and Accountability
    Policies & Plans

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. Known Exploited Vulnerabilities Catalog
Share:

Filters

  • Accellion
  • Qlik
  • Craft CMS
  • ConnectWise
  • CrushFTP
  • OSGeo
  • ServiceNow
  • Dahua
  • PTZOptics
  • CyberPersons
  • Cleo
  • Reolink
  • NUUO
  • BeyondTrust
  • Paessler
  • Hitachi Vantara
  • Advantive
  • Commvault
  • GeoVision
  • ASUS
  • Unitronics
  • FXC
  • Spreadsheet::ParseExcel
  • Joomla!
  • Sunhillo
  • Nice
  • NextGen Healthcare
  • Justice AV Solutions
  • Check Point
  • PHP Group
  • Twilio
  • Acronis
  • Versa
  • Kingsoft
  • ScienceLogic
  • Nostromo
  • Metabase
  • Array Networks
  • North Grid
  • ProjectSend
  • Acclaim Systems
  • JQuery
  • Audinate
  • 7-Zip
  • Trimble
  • SimpleHelp
  • tj-actions
  • NAKIVO
  • Edimax
  • reviewdog
  • Gladinet
  • Broadcom
  • Qualitia
  • Yiiframework
  • Langflow
  • FreeType
  • TeleMessage
  • ZKTeco
  • Srimax
  • MDaemon
  • ownCloud
  • Adobe
  • Alcatel
  • Amcrest
  • Android
  • Apache
  • (-) Remove filterApple
  • Arcadyan
  • Arcserve
  • Arm
  • Artifex
  • Atlassian
  • Aviatrix
  • Barracuda Networks
  • BQE
  • Cacti
  • ChakraCore
  • Checkbox
  • Cisco
  • Citrix
  • Code Aurora
  • Crestron
  • CWP
  • D-Link
  • D-Link and TRENDnet
  • Dasan
  • Dell
  • Delta Electronics
  • Docker
  • dotCMS
  • DotNetNuke (DNN)
  • DrayTek
  • Drupal
  • Elastic
  • Embedthis
  • Exim
  • EyesOfNetwork
  • F5
  • FatPipe
  • ForgeRock
  • Fortinet
  • Fortra
  • Fuel CMS
  • GIGABYTE
  • GitLab
  • GNU
  • Google
  • Grafana Labs
  • Grandstream
  • Hewlett Packard (HP)
  • Hikvision
  • IBM
  • IETF
  • Ignite Realtime
  • ImageMagick
  • InduSoft
  • Intel
  • Ivanti
  • Jenkins
  • JetBrains
  • Juniper
  • Kaseya
  • Kentico
  • Laravel
  • LG
  • Liferay
  • (-) Remove filterLinux
  • McAfee
  • MediaTek
  • Meta Platforms
  • Micro Focus
  • Microsoft
  • MikroTik
  • MinIO
  • Mitel
  • MongoDB
  • Mozilla
  • Nagios
  • NETGEAR
  • Netis
  • Netwrix
  • Novi Survey
  • Npm package
  • October CMS
  • OpenBSD
  • OpenSSL
  • Oracle
  • Palo Alto Networks
  • PaperCut
  • PEAR
  • Perl
  • PHP
  • phpMyAdmin
  • PHPUnit
  • Pi-hole
  • PlaySMS
  • Plex
  • Primetek
  • Progress
  • Pulse Secure
  • QNAP
  • QNAP Systems
  • Qualcomm
  • Quest
  • Rails
  • RARLAB
  • rConfig
  • Realtek
  • Red Hat
  • Redis
  • Rejetto
  • Roundcube
  • Ruckus Wireless
  • SaltStack
  • Samba
  • Samsung
  • SAP
  • Schneider Electric
  • Siemens
  • SIMalliance
  • Sitecore
  • SolarView
  • SolarWinds
  • Sonatype
  • SonicWall
  • Sophos
  • Sudo
  • SugarCRM
  • Sumavision
  • Symantec
  • Synacor
  • SysAid
  • TeamViewer
  • Teclib
  • Telerik
  • Tenda
  • TerraMaster
  • ThinkPHP
  • TIBCO
  • TP-Link
  • Treck TCP/IP stack
  • Trend Micro
  • Trihedral
  • TVT
  • Ubiquiti
  • Unraid
  • vBulletin
  • Veeam
  • Veritas
  • VMware
  • VMware Tanzu
  • WatchGuard
  • WebKitGTK
  • Webmin
  • WebRTC
  • WordPress
  • WSO2
  • XStream
  • Yealink
  • Zabbix
  • ZK Framework
  • Zoho
  • Zyxel
No result
Reset

Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License


Showing 61 - 80 of 102
Filters:
  • (-) Remove filterApple
  • (-) Remove filterLinux
  • Clear all filters
Linux | Kernel

CVE-2014-3153

Linux Kernel Privilege Escalation Vulnerability: The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-25
  • Due Date: 2022-06-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-3153
Apple | iOS

CVE-2016-4655

Apple iOS Information Disclosure Vulnerability: The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-24
  • Due Date: 2022-06-14
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-4655
Apple | iOS

CVE-2016-4656

Apple iOS Memory Corruption Vulnerability: A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service (DoS) via a crafted application.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-24
  • Due Date: 2022-06-14
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-4656
Apple | iOS

CVE-2016-4657

Apple iOS Webkit Memory Corruption Vulnerability: Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-24
  • Due Date: 2022-06-14
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-4657
Apple | Multiple Products

CVE-2021-30883

Apple Multiple Products Memory Corruption Vulnerability: Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-23
  • Due Date: 2022-06-13
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-30883
Apple | Multiple Products

CVE-2019-7286

Apple Multiple Products Memory Corruption Vulnerability: Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-23
  • Due Date: 2022-06-13
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-7286
Apple | iOS

CVE-2019-7287

Apple iOS Memory Corruption Vulnerability: Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-23
  • Due Date: 2022-06-13
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-7287
Apple | Multiple Products

CVE-2021-1789

Apple Multiple Products Type Confusion Vulnerability: A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-04
  • Due Date: 2022-05-25
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-1789
Apple | Multiple Products

CVE-2019-8506

Apple Multiple Products Type Confusion Vulnerability: A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-04
  • Due Date: 2022-05-25
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-8506
Linux | Kernel

CVE-2022-0847

Linux Kernel Privilege Escalation Vulnerability: Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of "Dirty Pipe."

Related CWE: CWE-665

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-25
  • Due Date: 2022-05-16
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-0847
Linux | Kernel

CVE-2021-22600

Linux Kernel Privilege Escalation Vulnerability: Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.

Related CWE: CWE-415

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-11
  • Due Date: 2022-05-02
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-22600
Apple | macOS

CVE-2022-22675

Apple macOS Out-of-Bounds Write Vulnerability: macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.

Related CWEs: CWE-20| CWE-125

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-04
  • Due Date: 2022-04-25
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-22675
Apple | macOS

CVE-2022-22674

Apple macOS Out-of-Bounds Read Vulnerability: macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.

Related CWEs: CWE-20| CWE-125

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-04-04
  • Due Date: 2022-04-25
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-22674
Linux | Kernel

CVE-2016-5195

Linux Kernel Race Condition Vulnerability: Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges.

Related CWE: CWE-362

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-03
  • Due Date: 2022-03-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-5195
Apple | iOS, iPadOS, and macOS

CVE-2022-22620

Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability: Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-11
  • Due Date: 2022-02-25
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-22620
Apple | OS X

CVE-2015-1130

Apple OS X Authentication Bypass Vulnerability: The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges.

Related CWE: CWE-254

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-10
  • Due Date: 2022-08-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2015-1130
Apple | OS X

CVE-2014-4404

Apple OS X Heap-Based Buffer Overflow Vulnerability: Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-10
  • Due Date: 2022-08-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2014-4404
Apple | iOS and macOS

CVE-2022-22587

Apple Memory Corruption Vulnerability: Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges.

Related CWEs: CWE-20| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-01-28
  • Due Date: 2022-02-11
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-22587
Linux | Kernel

CVE-2019-13272

Linux Kernel Improper Privilege Management Vulnerability: Kernel/ptrace.c in Linux kernel mishandles contains an improper privilege management vulnerability that allows local users to obtain root access.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-12-10
  • Due Date: 2022-06-10
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-13272
Apple | iOS, iPadOS, and macOS

CVE-2021-30858

Apple iOS, iPadOS, macOS Use-After-Free Vulnerability: Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-30858
  • Go to first pageFirst
  • Go to previous pagePrevious
  • Page 1
  • Page 2
  • Page 3
  • Currently on page 4
  • Page 5
  • Page 6
  • Go to next pageNext
  • Go to last pageLast

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now
Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback