Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

FreeType | FreeType

CVE-2025-27363

FreeType Out-of-Bounds Write Vulnerability: FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-05-06
Due Date: 2025-05-27

Additional Notes

Cisco | Smart Licensing Utility

CVE-2024-20439

Cisco Smart Licensing Utility Static Credential Vulnerability: Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials.

Related CWE: CWE-912

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-03-31
Due Date: 2025-04-21

Additional Notes

Cisco | Small Business RV Series Routers

CVE-2023-20118

Cisco Small Business RV Series Routers Command Injection Vulnerability: Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain root-level privileges and access unauthorized data.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-03-03
Due Date: 2025-03-24

Additional Notes

Oracle | Agile Product Lifecycle Management (PLM)

CVE-2024-20953

Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability: Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-02-24
Due Date: 2025-03-17

Additional Notes

Oracle | WebLogic Server

CVE-2020-2883

Oracle WebLogic Server Unspecified Vulnerability: Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-01-07
Due Date: 2025-01-28

Additional Notes

Oracle | Agile Product Lifecycle Management (PLM)

CVE-2024-21287

Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability: Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-11-21
Due Date: 2024-12-12

Additional Notes

Cisco | Adaptive Security Appliance (ASA)

CVE-2014-2120

Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability: Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. This vulnerability allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-11-12
Due Date: 2024-12-03

Additional Notes

Cisco | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)

CVE-2024-20481

Cisco ASA and FTD Denial-of-Service Vulnerability: Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after effective lifetime vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) of the RAVPN service.

Related CWE: CWE-772

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-10-24
Due Date: 2024-11-14

Additional Notes

Oracle | ADF Faces

CVE-2022-21445

Oracle ADF Faces Deserialization of Untrusted Data Vulnerability: Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-09-18
Due Date: 2024-10-09

Additional Notes

Oracle | WebLogic Server

CVE-2020-14644

Oracle WebLogic Server Remote Code Execution Vulnerability: Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-09-18
Due Date: 2024-10-09

Additional Notes

Cisco | NX-OS

CVE-2024-20399

Cisco NX-OS Command Injection Vulnerability: Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-07-02
Due Date: 2024-07-23

Additional Notes

Oracle | WebLogic Server

CVE-2017-3506

Oracle WebLogic Server OS Command Injection Vulnerability: Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-06-03
Due Date: 2024-06-24

Additional Notes

Cisco | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)

CVE-2024-20353

Cisco ASA and FTD Denial of Service Vulnerability: Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an infinite loop vulnerability that can lead to remote denial of service condition.

Related CWE: CWE-835

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-04-24
Due Date: 2024-05-01

Additional Notes

Cisco | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)

CVE-2024-20359

Cisco ASA and FTD Privilege Escalation Vulnerability: Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-04-24
Due Date: 2024-05-01

Additional Notes

Cisco | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)

CVE-2020-3259

Cisco ASA and FTD Information Disclosure Vulnerability: Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. This vulnerability affects only specific AnyConnect and WebVPN configurations.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-02-15
Due Date: 2024-03-07

Additional Notes

Oracle | Fusion Middleware

CVE-2020-2551

Oracle Fusion Middleware Unspecified Vulnerability: Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-11-16
Due Date: 2023-12-07

Additional Notes

Cisco | Cisco IOS XE Web UI

CVE-2023-20273

Cisco IOS XE Web UI Command Injection Vulnerability: Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA.

Date Added: 2023-10-23
Due Date: 2023-10-27

Additional Notes

Cisco | IOS XE Web UI

CVE-2023-20198

Cisco IOS XE Web UI Privilege Escalation Vulnerability: Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device.

Related CWE: CWE-420

Known To Be Used in Ransomware Campaigns? Unknown

Date Added: 2023-10-16
Due Date: 2023-10-20

Additional Notes

Cisco | IOS and IOS XE

CVE-2023-20109

Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability: Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute malicious code or cause a device to crash.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-10-10
Due Date: 2023-10-31

Additional Notes

Cisco | Adaptive Security Appliance and Firepower Threat Defense

CVE-2023-20269

Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability: Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN session with an unauthorized user.

Related CWE: CWE-288

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions for group-lock and vpn-simultaneous-logins or discontinue use of the product for unsupported devices.

Date Added: 2023-09-13
Due Date: 2023-10-04

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates