Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Juniper | Junos OS

CVE-2025-21590

Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability: Juniper Junos OS contains an improper isolation or compartmentalization vulnerability. This vulnerability could allows a local attacker with high privileges to inject arbitrary code.

Related CWE: CWE-653

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-03-13
Due Date: 2025-04-03

Additional Notes

Citrix | NetScaler ADC and NetScaler Gateway

CVE-2023-6548

Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability: Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-01-17
Due Date: 2024-01-24

Additional Notes

Citrix | NetScaler ADC and NetScaler Gateway

CVE-2023-6549

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability: Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-01-17
Due Date: 2024-02-07

Additional Notes

Juniper | Junos OS

CVE-2023-36851

Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability: Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-11-13
Due Date: 2023-11-17

Additional Notes

Juniper | Junos OS

CVE-2023-36847

Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability: Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-11-13
Due Date: 2023-11-17

Additional Notes

Juniper | Junos OS

CVE-2023-36846

Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability: Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-11-13
Due Date: 2023-11-17

Additional Notes

Juniper | Junos OS

CVE-2023-36845

Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability: Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment variable. Using a crafted request, which sets the variable PHPRC, an attacker is able to modify the PHP execution environment allowing the injection und execution of code.

Related CWE: CWE-473

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-11-13
Due Date: 2023-11-17

Additional Notes

Juniper | Junos OS

CVE-2023-36844

Juniper Junos OS EX Series PHP External Variable Modification Vulnerability: Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables, leading to partial loss of integrity, which may allow chaining to other vulnerabilities.

Related CWE: CWE-473

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-11-13
Due Date: 2023-11-17

Additional Notes

Citrix | NetScaler ADC and NetScaler Gateway

CVE-2023-4966

Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability: Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable.

Date Added: 2023-10-18
Due Date: 2023-11-08

Additional Notes

Citrix | Content Collaboration

CVE-2023-24489

Citrix Content Collaboration ShareFile Improper Access Control Vulnerability: Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-08-16
Due Date: 2023-09-06

Additional Notes

Citrix | NetScaler ADC and NetScaler Gateway

CVE-2023-3519

Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability: Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-07-19
Due Date: 2023-08-09

Additional Notes

Citrix | Application Delivery Controller (ADC) and Gateway

CVE-2022-27518

Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability: Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator.

Related CWE: CWE-664

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-12-13
Due Date: 2023-01-03

Additional Notes

InduSoft | Web Studio

CVE-2014-0780

InduSoft Web Studio NTWebServer Directory Traversal Vulnerability: InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-15
Due Date: 2022-05-06

Additional Notes

Citrix | NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server

CVE-2017-6316

Citrix Multiple Products Remote Code Execution Vulnerability: A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also affects XenMobile Server.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Citrix | SD-WAN and NetScaler

CVE-2019-12989

Citrix SD-WAN and NetScaler SQL Injection Vulnerability: Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Citrix | SD-WAN and NetScaler

CVE-2019-12991

Citrix SD-WAN and NetScaler Command Injection Vulnerability: Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Juniper | Junos OS

CVE-2020-1631

Juniper Junos OS Path Traversal Vulnerability: A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution.

Related CWEs: CWE-22| CWE-73

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Citrix | ShareFile

CVE-2021-22941

Citrix ShareFile Improper Access Control Vulnerability: Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Citrix | Workspace Application and Receiver for Windows

CVE-2019-11634

Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability: Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Citrix | Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance

CVE-2019-19781

Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability: Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates