Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 1 - 20 of 30
Filters:
Hitachi Vantara | Pentaho Business Analytics (BA) Server

CVE-2022-43939

Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability: Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization.

Related CWE: CWE-647

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-03
  • Due Date: 2025-03-24
Additional Notes
https://support.pentaho.com/hc/en-us/articles/14455394120333--Resolved-Pentaho-BA-Server-Use-of-Non-Canonical-URL-Paths-for-Authorization-Decisions-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43939- ; https://nvd.nist.gov/vuln/detail/CVE-2022-43939
Hitachi Vantara | Pentaho Business Analytics (BA) Server

CVE-2022-43769

Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability: Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution.

Related CWE: CWE-74

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-03-03
  • Due Date: 2025-03-24
Additional Notes
https://support.pentaho.com/hc/en-us/articles/14455561548301--Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769 ; https://nvd.nist.gov/vuln/detail/CVE-2022-43769
Zyxel | DSL CPE Devices

CVE-2024-40890

Zyxel DSL CPE OS Command Injection Vulnerability: Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.
  • Date Added: 2025-02-11
  • Due Date: 2025-03-04
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 ; https://www.zyxel.com/service-provider/global/en/security-advisories/zyxel-security-advisory-command-injection-insecure-in-certain-legacy-dsl-cpe-02-04-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40890
Zyxel | DSL CPE Devices

CVE-2024-40891

Zyxel DSL CPE OS Command Injection Vulnerability: Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.
  • Date Added: 2025-02-11
  • Due Date: 2025-03-04
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 ; https://www.zyxel.com/service-provider/global/en/security-advisories/zyxel-security-advisory-command-injection-insecure-in-certain-legacy-dsl-cpe-02-04-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40891
Zyxel | Multiple Firewalls

CVE-2024-11667

Zyxel Multiple Firewalls Path Traversal Vulnerability: Multiple Zyxel firewalls contain a path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-12-03
  • Due Date: 2024-12-24
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-21-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-11667
Citrix | NetScaler ADC and NetScaler Gateway

CVE-2023-6548

Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability: Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-01-17
  • Due Date: 2024-01-24
Additional Notes
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549; https://nvd.nist.gov/vuln/detail/CVE-2023-6548
Citrix | NetScaler ADC and NetScaler Gateway

CVE-2023-6549

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability: Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-01-17
  • Due Date: 2024-02-07
Additional Notes
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549; https://nvd.nist.gov/vuln/detail/CVE-2023-6549
Citrix | NetScaler ADC and NetScaler Gateway

CVE-2023-4966

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability: Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-10-18
  • Due Date: 2023-11-08
Additional Notes
https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/, https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 ; https://nvd.nist.gov/vuln/detail/CVE-2023-4966
Zyxel | EMG2926 Routers

CVE-2017-6884

Zyxel EMG2926 Routers Command Injection Vulnerability: Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-18
  • Due Date: 2023-10-09
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-emg2926-q10a-ethernet-cpe, https://www.zyxelguard.com/Zyxel-EOL.asp; https://nvd.nist.gov/vuln/detail/CVE-2017-6884
Citrix | Content Collaboration

CVE-2023-24489

Citrix Content Collaboration ShareFile Improper Access Control Vulnerability: Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-08-16
  • Due Date: 2023-09-06
Additional Notes
https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489; https://nvd.nist.gov/vuln/detail/CVE-2023-24489
Zyxel | P660HN-T1A Routers

CVE-2017-18368

Zyxel P660HN-T1A Routers Command Injection Vulnerability: Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remote_host parameter of the ViewLog.asp page.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-08-07
  • Due Date: 2023-08-28
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-a-new-variant-of-gafgyt-malware; https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-p660hn-t1a-dsl-cpe; https://nvd.nist.gov/vuln/detail/CVE-2017-18368
Citrix | NetScaler ADC and NetScaler Gateway

CVE-2023-3519

Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability: Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-07-19
  • Due Date: 2023-08-09
Additional Notes
https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467; https://nvd.nist.gov/vuln/detail/CVE-2023-3519
Zyxel | Multiple Network-Attached Storage (NAS) Devices

CVE-2023-27992

Zyxel Multiple NAS Devices Command Injection Vulnerability: Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-06-23
  • Due Date: 2023-07-14
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products; https://nvd.nist.gov/vuln/detail/CVE-2023-27992
Zyxel | Multiple Firewalls

CVE-2023-33010

Zyxel Multiple Firewalls Buffer Overflow Vulnerability: Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-06-05
  • Due Date: 2023-06-26
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls; https://nvd.nist.gov/vuln/detail/CVE-2023-33010
Zyxel | Multiple Firewalls

CVE-2023-33009

Zyxel Multiple Firewalls Buffer Overflow Vulnerability: Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-06-05
  • Due Date: 2023-06-26
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls; https://nvd.nist.gov/vuln/detail/CVE-2023-33009
Zyxel | Multiple Firewalls

CVE-2023-28771

Zyxel Multiple Firewalls OS Command Injection Vulnerability: Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-05-31
  • Due Date: 2023-06-21
Additional Notes
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls; https://nvd.nist.gov/vuln/detail/CVE-2023-28771
Citrix | Application Delivery Controller (ADC) and Gateway

CVE-2022-27518

Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability: Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator.

Related CWE: CWE-664

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-12-13
  • Due Date: 2023-01-03
Additional Notes
https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/; https://nvd.nist.gov/vuln/detail/CVE-2022-27518
Zyxel | Multiple Firewalls

CVE-2022-30525

Zyxel Multiple Firewalls OS Command Injection Vulnerability: A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-05-16
  • Due Date: 2022-06-06
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-30525
Citrix | SD-WAN and NetScaler

CVE-2019-12989

Citrix SD-WAN and NetScaler SQL Injection Vulnerability: Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-12989
Zyxel | Multiple Network-Attached Storage (NAS) Devices

CVE-2020-9054

Zyxel Multiple NAS Devices OS Command Injection Vulnerability: Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-9054

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now