Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

SolarWinds | Web Help Desk

CVE-2024-28987

SolarWinds Web Help Desk Hardcoded Credential Vulnerability: SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data.

Related CWE: CWE-798

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-10-15
Due Date: 2024-11-05

Additional Notes

SolarWinds | Web Help Desk

CVE-2024-28986

SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability: SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-08-15
Due Date: 2024-09-05

Additional Notes

SolarWinds | Serv-U

CVE-2024-28995

SolarWinds Serv-U Path Traversal Vulnerability : SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-07-17
Due Date: 2024-08-07

Additional Notes

GitLab | GitLab CE/EE

CVE-2023-7028

GitLab Community and Enterprise Editions Improper Access Control Vulnerability: GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-05-01
Due Date: 2024-05-22

Additional Notes

QNAP | VioStor NVR

CVE-2023-47565

QNAP VioStor NVR OS Command Injection Vulnerability: QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-12-21
Due Date: 2024-01-11

Additional Notes

QNAP | Photo Station

CVE-2022-27593

QNAP Photo Station Externally Controlled Reference Vulnerability: Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.

Related CWE: CWE-610

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-09-08
Due Date: 2022-09-29

Additional Notes

QNAP | Photo Station

CVE-2019-7195

QNAP Photo Station Path Traversal Vulnerability: QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

QNAP | Photo Station

CVE-2019-7194

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

QNAP | QTS

CVE-2019-7193

QNAP QTS Improper Input Validation Vulnerability: QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

QNAP | Photo Station

CVE-2019-7192

QNAP Photo Station Improper Access Control Vulnerability: QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

QNAP | Network Attached Storage (NAS)

CVE-2018-19953

QNAP NAS File Station Cross-Site Scripting Vulnerability: A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.

Related CWEs: CWE-79| CWE-80

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

QNAP | Network Attached Storage (NAS)

CVE-2018-19949

QNAP NAS File Station Command Injection Vulnerability: A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands.

Related CWEs: CWE-20| CWE-77| CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

QNAP | Network Attached Storage (NAS)

CVE-2018-19943

QNAP NAS File Station Cross-Site Scripting Vulnerability: A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.

Related CWEs: CWE-79| CWE-80

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

QNAP | QNAP Network-Attached Storage (NAS)

CVE-2020-2509

QNAP Network-Attached Storage (NAS) Command Injection Vulnerability: QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution.

Related CWEs: CWE-77| CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-11
Due Date: 2022-05-02

Additional Notes

QNAP | Network Attached Storage (NAS)

CVE-2021-28799

QNAP NAS Improper Authorization Vulnerability: QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.

Related CWE: CWE-285

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-31
Due Date: 2022-04-21

Additional Notes

SolarWinds | Serv-U

CVE-2021-35247

SolarWinds Serv-U Improper Input Validation Vulnerability: SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-21
Due Date: 2022-02-04

Additional Notes

SolarWinds | Virtualization Manager

CVE-2016-3643

SolarWinds Virtualization Manager Privilege Escalation Vulnerability: SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

SolarWinds | Serv-U

CVE-2021-35211

SolarWinds Serv-U Remote Code Execution Vulnerability: SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

SolarWinds | Orion

CVE-2020-10148

SolarWinds Orion Authentication Bypass Vulnerability: SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands.

Related CWE: CWE-288

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

GitLab | Community and Enterprise Editions

CVE-2021-22205

GitLab Community and Enterprise Editions Remote Code Execution Vulnerability: GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.

Related CWEs: CWE-20| CWE-95

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates