Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | Windows

CVE-2022-21919

Microsoft Windows User Profile Service Privilege Escalation Vulnerability: Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-1386

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-25
Due Date: 2022-05-16

Additional Notes

Microsoft | Win32k

CVE-2021-41357

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-25
Due Date: 2022-05-16

Additional Notes

Microsoft | Win32k

CVE-2021-40450

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-25
Due Date: 2022-05-16

Additional Notes

Microsoft | Windows

CVE-2022-22718

Microsoft Windows Print Spooler Privilege Escalation Vulnerability: Microsoft Windows Print Spooler contains an unspecified vulnerability which allow for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-19
Due Date: 2022-05-10

Additional Notes

D-Link | DNS-320 Storage Device

CVE-2019-16057

D-Link DNS-320 Remote Code Execution Vulnerability: The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-15
Due Date: 2022-05-06

Additional Notes

Microsoft | Windows

CVE-2022-24521

Microsoft Windows CLFS Driver Privilege Escalation Vulnerability: Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.

Related CWEs: CWE-787| CWE-1285

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Microsoft | Internet Explorer

CVE-2015-2502

Microsoft Internet Explorer Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-13
Due Date: 2022-05-04

Additional Notes

Microsoft | Active Directory

CVE-2021-42287

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability: Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-04-11
Due Date: 2022-05-02

Additional Notes

Microsoft | Active Directory

CVE-2021-42278

Microsoft Active Directory Domain Services Privilege Escalation Vulnerability: Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-04-11
Due Date: 2022-05-02

Additional Notes

Microsoft | HTTP Protocol Stack

CVE-2021-31166

Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability: Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-06
Due Date: 2022-04-27

Additional Notes

Microsoft | SMBv1 server

CVE-2017-0148

Microsoft SMBv1 Server Remote Code Execution Vulnerability: The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-04-06
Due Date: 2022-04-27

Additional Notes

D-Link | Multiple Routers

CVE-2021-45382

D-Link Multiple Routers Remote Code Execution Vulnerability: A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-04-04
Due Date: 2022-04-25

Additional Notes

Microsoft | Windows

CVE-2021-34484

Microsoft Windows User Profile Service Privilege Escalation Vulnerability: Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-31
Due Date: 2022-04-21

Additional Notes

Microsoft | Office

CVE-2021-38646

Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability: Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Windows

CVE-2021-34486

Microsoft Windows Event Tracing Privilege Escalation Vulnerability: Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Windows

CVE-2018-8440

Microsoft Windows Privilege Escalation Vulnerability: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | DirectX Graphics Kernel (DXGKRNL)

CVE-2018-8406

Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | DirectX Graphics Kernel (DXGKRNL)

CVE-2018-8405

Related CWE: CWE-404

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Windows

CVE-2017-0213

Microsoft Windows Privilege Escalation Vulnerability: Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Microsoft | Internet Explorer

CVE-2017-0059

Microsoft Internet Explorer Information Disclosure Vulnerability: Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-28
Due Date: 2022-04-18

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates