Skip to main content
U.S. flag

An official website of the United States government

Here’s how you know

Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

HTTPS

Secure .gov websites use HTTPS
A lock (LockA locked padlock) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Cybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and ResilienceCybersecurity & Infrastructure Security Agency logo America’s Cyber Security Defense Agency National Coordinator For Critical Infrastructure Security and Resilience
CISA Logo

Search

 

America's Cyber Defense Agency
 
  • Topics
    Cybersecurity Best Practices
    Cyber Threats and Advisories
    Critical Infrastructure Security and Resilience
    Election Security
    Emergency Communications
    Industrial Control Systems
    Information and Communications Technology Supply Chain Security
    Partnerships and Collaboration
    Physical Security
    Risk Management
    How can we help?
    GovernmentEducational InstitutionsIndustryState, Local, Tribal, and TerritorialIndividuals and FamiliesSmall and Medium BusinessesFind Help LocallyFaith-Based CommunityExecutivesHigh-Risk Communities
  • Spotlight
  • Resources & Tools
    All Resources & Tools
    Services
    Programs
    Resources
    Training
    Groups
  • News & Events
    News
    Events
    Cybersecurity Alerts & Advisories
    Directives
    Request a CISA Speaker
    Congressional Testimony
    CISA Conferences
    CISA Live!
  • Careers
    Benefits & Perks
    HireVue Applicant Reasonable Accommodations Process
    Hiring
    Resume & Application Tips
    Students & Recent Graduates
    Veteran and Military Spouses
  • About
    Divisions & Offices
    Regions
    Leadership
    Doing Business with CISA
    Site Links
    CISA GitHub
    CISA Central
    Contact Us
    Subscribe
    Transparency and Accountability
    Policies & Plans

Free Cyber ServicesSecure by design Secure Our WorldShields UpReport A Cyber Issue

Breadcrumb
  1. Home
  2. Known Exploited Vulnerabilities Catalog
Share:

Filters

  • Accellion
  • Qlik
  • CrushFTP
  • OSGeo
  • ServiceNow
  • (-) Remove filterDahua
  • PTZOptics
  • CyberPersons
  • Cleo
  • Reolink
  • NUUO
  • BeyondTrust
  • Paessler
  • Hitachi Vantara
  • Advantive
  • Commvault
  • GeoVision
  • Unitronics
  • FXC
  • Spreadsheet::ParseExcel
  • Joomla!
  • ConnectWise
  • Sunhillo
  • Nice
  • NextGen Healthcare
  • Justice AV Solutions
  • Check Point
  • PHP Group
  • Twilio
  • Acronis
  • Versa
  • Kingsoft
  • ScienceLogic
  • Nostromo
  • Metabase
  • Array Networks
  • North Grid
  • ProjectSend
  • Acclaim Systems
  • JQuery
  • Audinate
  • 7-Zip
  • Trimble
  • SimpleHelp
  • Craft CMS
  • tj-actions
  • NAKIVO
  • Edimax
  • reviewdog
  • Gladinet
  • Broadcom
  • Qualitia
  • Yiiframework
  • Langflow
  • FreeType
  • ownCloud
  • Adobe
  • Alcatel
  • Amcrest
  • Android
  • Apache
  • Apple
  • Arcadyan
  • Arcserve
  • (-) Remove filterArm
  • Artifex
  • Atlassian
  • Aviatrix
  • Barracuda Networks
  • BQE
  • Cacti
  • ChakraCore
  • Checkbox
  • Cisco
  • Citrix
  • Code Aurora
  • Crestron
  • CWP
  • D-Link
  • D-Link and TRENDnet
  • Dasan
  • Dell
  • Delta Electronics
  • Docker
  • dotCMS
  • DotNetNuke (DNN)
  • DrayTek
  • Drupal
  • Elastic
  • Embedthis
  • Exim
  • EyesOfNetwork
  • F5
  • FatPipe
  • ForgeRock
  • Fortinet
  • Fortra
  • Fuel CMS
  • GIGABYTE
  • GitLab
  • GNU
  • Google
  • Grafana Labs
  • Grandstream
  • Hewlett Packard (HP)
  • Hikvision
  • IBM
  • IETF
  • Ignite Realtime
  • ImageMagick
  • InduSoft
  • Intel
  • Ivanti
  • Jenkins
  • JetBrains
  • Juniper
  • Kaseya
  • Kentico
  • Laravel
  • LG
  • Liferay
  • Linux
  • McAfee
  • MediaTek
  • Meta Platforms
  • Micro Focus
  • Microsoft
  • MikroTik
  • MinIO
  • Mitel
  • MongoDB
  • Mozilla
  • Nagios
  • NETGEAR
  • Netis
  • Netwrix
  • Novi Survey
  • Npm package
  • October CMS
  • OpenBSD
  • OpenSSL
  • Oracle
  • Palo Alto Networks
  • PaperCut
  • PEAR
  • Perl
  • PHP
  • phpMyAdmin
  • PHPUnit
  • Pi-hole
  • PlaySMS
  • Plex
  • Primetek
  • Progress
  • Pulse Secure
  • QNAP
  • QNAP Systems
  • Qualcomm
  • Quest
  • Rails
  • RARLAB
  • rConfig
  • Realtek
  • Red Hat
  • Redis
  • Rejetto
  • Roundcube
  • Ruckus Wireless
  • SaltStack
  • Samba
  • Samsung
  • (-) Remove filterSAP
  • Schneider Electric
  • Siemens
  • SIMalliance
  • Sitecore
  • SolarView
  • SolarWinds
  • Sonatype
  • SonicWall
  • Sophos
  • Sudo
  • SugarCRM
  • Sumavision
  • Symantec
  • Synacor
  • SysAid
  • TeamViewer
  • Teclib
  • Telerik
  • Tenda
  • TerraMaster
  • ThinkPHP
  • TIBCO
  • TP-Link
  • Treck TCP/IP stack
  • Trend Micro
  • Trihedral
  • TVT
  • Ubiquiti
  • Unraid
  • vBulletin
  • Veeam
  • Veritas
  • VMware
  • VMware Tanzu
  • WatchGuard
  • WebKitGTK
  • Webmin
  • WebRTC
  • WordPress
  • WSO2
  • XStream
  • Yealink
  • Zabbix
  • ZK Framework
  • Zoho
  • Zyxel
No result
Reset

Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License


Showing 1 - 20 of 24
Filters:
  • (-) Remove filterDahua
  • (-) Remove filterArm
  • (-) Remove filterSAP
  • Clear all filters
SAP | NetWeaver

CVE-2025-31324

SAP NetWeaver Unrestricted File Upload Vulnerability: SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries.

Related CWE: CWE-434

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-04-29
  • Due Date: 2025-05-20
Additional Notes
https://me.sap.com/notes/3594142 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31324
SAP | NetWeaver

CVE-2017-12637

SAP NetWeaver Directory Traversal Vulnerability: SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-19
  • Due Date: 2025-04-09
Additional Notes
SAP users must have an account to log in and access the patch: https://me.sap.com/notes/3476549 ; https://nvd.nist.gov/vuln/detail/CVE-2017-12637
SAP | Commerce Cloud

CVE-2019-0344

SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability: SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-09-30
  • Due Date: 2024-10-21
Additional Notes
https://web.archive.org/web/20191214053020/https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 ; https://nvd.nist.gov/vuln/detail/CVE-2019-0344
Dahua | IP Camera Firmware

CVE-2021-33044

Dahua IP Camera Authentication Bypass Vulnerability: Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-21
  • Due Date: 2024-09-11
Additional Notes
https://www.dahuasecurity.com/aboutUs/trustedCenter/details/582; https://nvd.nist.gov/vuln/detail/CVE-2021-33044
Dahua | IP Camera Firmware

CVE-2021-33045

Dahua IP Camera Authentication Bypass Vulnerability: Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-21
  • Due Date: 2024-09-11
Additional Notes
https://www.dahuasecurity.com/aboutUs/trustedCenter/details/582; https://nvd.nist.gov/vuln/detail/CVE-2021-33045
Arm | Mali GPU Kernel Driver

CVE-2024-4610

Arm Mali GPU Kernel Driver Use-After-Free Vulnerability: Arm Bifrost and Valhall GPU kernel drivers contain a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-06-12
  • Due Date: 2024-07-03
Additional Notes
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2024-4610
Arm | Mali GPU Kernel Driver

CVE-2023-4211

Arm Mali GPU Kernel Driver Use-After-Free Vulnerability: Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-10-03
  • Due Date: 2023-10-24
Additional Notes
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2023-4211
Arm | Mali Graphics Processing Unit (GPU)

CVE-2021-29256

Arm Mali GPU Kernel Driver Use-After-Free Vulnerability: Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
  • Date Added: 2023-07-07
  • Due Date: 2023-07-28
Additional Notes
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2021-29256
Arm | Mali Graphics Processing Unit (GPU)

CVE-2023-26083

Arm Mali GPU Kernel Driver Information Disclosure Vulnerability: Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.

Related CWE: CWE-401

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-04-07
  • Due Date: 2023-04-28
Additional Notes
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2023-26083
Arm | Mali Graphics Processing Unit (GPU)

CVE-2022-38181

Arm Mali GPU Kernel Driver Use-After-Free Vulnerability: Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-03-30
  • Due Date: 2023-04-20
Additional Notes
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2022-38181
Arm | Mali Graphics Processing Unit (GPU)

CVE-2022-22706

Arm Mali GPU Kernel Driver Unspecified Vulnerability: Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-03-30
  • Due Date: 2023-04-20
Additional Notes
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2022-22706
SAP | Multiple Products

CVE-2022-22536

SAP Multiple Products HTTP Request Smuggling Vulnerability: SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the victim or poisoning intermediary Web caches.

Related CWE: CWE-444

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-08-18
  • Due Date: 2022-09-08
Additional Notes
SAP users must have an account in order to login and access the patch. https://accounts.sap.com/saml2/idp/sso; https://nvd.nist.gov/vuln/detail/CVE-2022-22536
SAP | NetWeaver

CVE-2016-2388

SAP NetWeaver Information Disclosure Vulnerability: The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-09
  • Due Date: 2022-06-30
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-2388
SAP | NetWeaver

CVE-2016-2386

SAP NetWeaver SQL Injection Vulnerability: SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-09
  • Due Date: 2022-06-30
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-2386
SAP | NetWeaver

CVE-2021-38163

SAP NetWeaver Unrestricted File Upload Vulnerability: SAP NetWeaver contains a vulnerability that allows unrestricted file upload.

Related CWE: CWE-23

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-06-09
  • Due Date: 2022-06-30
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-38163
SAP | NetWeaver

CVE-2020-6287

SAP NetWeaver Missing Authentication for Critical Function Vulnerability: SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-6287
SAP | NetWeaver

CVE-2016-3976

SAP NetWeaver Directory Traversal Vulnerability: SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-3976
SAP | Solution Manager

CVE-2020-6207

SAP Solution Manager Missing Authentication for Critical Function Vulnerability: SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-6207
Arm | Trusted Firmware

CVE-2021-27562

Arm Trusted Firmware Out-of-Bounds Write Vulnerability: Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment (NSPE) handler mode. This vulnerability affects Yealink Device Management servers.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-27562
SAP | NetWeaver

CVE-2016-9563

SAP NetWeaver XML External Entity (XXE) Vulnerability: SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity (XXE) attacks.

Related CWE: CWE-611

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2016-9563
  • Currently on page 1
  • Page 2
  • Go to next pageNext
  • Go to last pageLast

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now
Return to top
  • Topics
  • Spotlight
  • Resources & Tools
  • News & Events
  • Careers
  • About
Cybersecurity & Infrastructure Security Agency
  • Facebook
  • X
  • LinkedIn
  • YouTube
  • Instagram
  • RSS
CISA Central 1-844-Say-CISA SayCISA@cisa.dhs.gov
DHS Seal
CISA.gov
An official website of the U.S. Department of Homeland Security
  • About CISA
  • Budget and Performance
  • DHS.gov
  • FOIA Requests
  • No FEAR Act
  • Office of Inspector General
  • Privacy Policy
  • Subscribe
  • The White House
  • USA.gov
  • Website Feedback