Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | MSCOMCTL.OCX

CVE-2012-0158

Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability: Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Office

CVE-2015-1641

Microsoft Office Memory Corruption Vulnerability: Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user.

Related CWE: CWE-399

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Internet Explorer

CVE-2021-27085

Microsoft Internet Explorer Remote Code Execution Vulnerability: Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | MSHTML

CVE-2019-0541

Microsoft MSHTML Remote Code Execution Vulnerability: Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Office

CVE-2017-11882

Microsoft Office Memory Corruption Vulnerability: Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Internet Explorer

CVE-2020-0674

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Office

CVE-2021-27059

Microsoft Office Remote Code Execution Vulnerability: Microsoft Office contains an unspecified vulnerability that allows for remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Internet Explorer

CVE-2019-1367

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of the current user.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Office and WordPad

CVE-2017-0199

Microsoft Office and WordPad Remote Code Execution Vulnerability: Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Internet Explorer

CVE-2020-1380

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Internet Explorer

CVE-2019-1429

Related CWEs: CWE-416| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Office

CVE-2017-11774

Microsoft Office Outlook Security Feature Bypass Vulnerability: Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Internet Explorer

CVE-2020-0968

Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability: Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Netlogon

CVE-2020-1472

Microsoft Netlogon Privilege Escalation Vulnerability: Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.

Related CWE: CWE-330

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2020-09-21

Additional Notes

Microsoft | Exchange Server

CVE-2021-26855

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Related CWE: CWE-918

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-04-16

Additional Notes

Microsoft | Exchange Server

CVE-2021-26858

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-04-16

Additional Notes

Microsoft | Exchange Server

CVE-2021-27065

Related CWE: CWE-39

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-04-16

Additional Notes

Microsoft | Win32k

CVE-2020-1054

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Windows

CVE-2021-1675

Microsoft Windows Print Spooler Remote Code Execution Vulnerability: Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.

Related CWE: CWE-285

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Windows

CVE-2021-34448

Microsoft Windows Scripting Engine Memory Corruption Vulnerability: Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates