Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | Windows

CVE-2022-38028

Microsoft Windows Print Spooler Privilege Escalation Vulnerability : Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-04-23
Due Date: 2024-05-14

Additional Notes

Microsoft | SharePoint Server

CVE-2023-24955

Microsoft SharePoint Server Code Injection Vulnerability: Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-03-26
Due Date: 2024-04-16

Additional Notes

Microsoft | Windows

CVE-2024-21338

Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability: Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.

Related CWE: CWE-822

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-03-04
Due Date: 2024-03-25

Additional Notes

Microsoft | Streaming Service

CVE-2023-29360

Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability: Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.

Related CWE: CWE-822

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-02-29
Due Date: 2024-03-21

Additional Notes

Microsoft | Exchange Server

CVE-2024-21410

Microsoft Exchange Server Privilege Escalation Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-02-15
Due Date: 2024-03-07

Additional Notes

Microsoft | Windows

CVE-2024-21351

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-02-13
Due Date: 2024-03-05

Additional Notes

Microsoft | Windows

CVE-2024-21412

Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability: Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.

Related CWE: CWE-693

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-02-13
Due Date: 2024-03-05

Additional Notes

Google | Chromium V8

CVE-2023-4762

Google Chromium V8 Type Confusion Vulnerability: Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-02-06
Due Date: 2024-02-27

Additional Notes

Google | Chromium V8

CVE-2024-0519

Google Chromium V8 Out-of-Bounds Memory Access Vulnerability: Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-01-17
Due Date: 2024-02-07

Additional Notes

Microsoft | SharePoint Server

CVE-2023-29357

Microsoft SharePoint Server Privilege Escalation Vulnerability: Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.

Related CWE: CWE-303

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-01-10
Due Date: 2024-01-31

Additional Notes

Google | Chromium WebRTC

CVE-2023-7024

Google Chromium WebRTC Heap Buffer Overflow Vulnerability: Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-01-02
Due Date: 2024-01-23

Additional Notes

Google | Chromium Skia

CVE-2023-6345

Google Skia Integer Overflow Vulnerability: Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products.

Related CWE: CWE-190

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-11-30
Due Date: 2023-12-21

Additional Notes

Microsoft | Windows

CVE-2023-36584

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability: Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-11-16
Due Date: 2023-12-07

Additional Notes

Microsoft | Windows

CVE-2023-36033

Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability: Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-822

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-11-14
Due Date: 2023-12-05

Additional Notes

Microsoft | Windows

CVE-2023-36036

Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability: Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-11-14
Due Date: 2023-12-05

Additional Notes

Microsoft | Windows

CVE-2023-36025

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-11-14
Due Date: 2023-12-05

Additional Notes

Microsoft | Skype for Business

CVE-2023-41763

Microsoft Skype for Business Privilege Escalation Vulnerability: Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-10-10
Due Date: 2023-10-31

Additional Notes

Microsoft | WordPad

CVE-2023-36563

Microsoft WordPad Information Disclosure Vulnerability: Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-10-10
Due Date: 2023-10-31

Additional Notes

Microsoft | Windows CNG Key Isolation Service

CVE-2023-28229

Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability: Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges.

Related CWE: CWE-591

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-10-04
Due Date: 2023-10-25

Additional Notes

Google | Chromium libvpx

CVE-2023-5217

Google Chromium libvpx Heap Buffer Overflow Vulnerability: Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-10-02
Due Date: 2023-10-23

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates