Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 41 - 60 of 334
Filters:
Microsoft | Windows

CVE-2024-38107

Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability: Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-13
  • Due Date: 2024-09-03
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38107; https://nvd.nist.gov/vuln/detail/CVE-2024-38107
Microsoft | Windows

CVE-2024-38193

Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability: Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-13
  • Due Date: 2024-09-03
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193; https://nvd.nist.gov/vuln/detail/CVE-2024-38193
Microsoft | Project

CVE-2024-38189

Microsoft Project Remote Code Execution Vulnerability : Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-13
  • Due Date: 2024-09-03
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38189; https://nvd.nist.gov/vuln/detail/CVE-2024-38189
Microsoft | Windows

CVE-2018-0824

Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability: Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-05
  • Due Date: 2024-08-26
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2018-0824; https://nvd.nist.gov/vuln/detail/CVE-2018-0824
Microsoft | Internet Explorer

CVE-2012-4792

Microsoft Internet Explorer Use-After-Free Vulnerability: Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2024-07-23
  • Due Date: 2024-08-13
Additional Notes
https://learn.microsoft.com/en-us/lifecycle/products/internet-explorer-11; https://nvd.nist.gov/vuln/detail/CVE-2012-4792
Microsoft | Windows

CVE-2024-38112

Microsoft Windows MSHTML Platform Spoofing Vulnerability: Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.

Related CWE: CWE-451

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-09
  • Due Date: 2024-07-30
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112; https://nvd.nist.gov/vuln/detail/CVE-2024-38112
Microsoft | Windows

CVE-2024-38080

Microsoft Windows Hyper-V Privilege Escalation Vulnerability: Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.

Related CWE: CWE-190

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-09
  • Due Date: 2024-07-30
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38080; https://nvd.nist.gov/vuln/detail/CVE-2024-38080
Microsoft | Windows

CVE-2024-26169

Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability: Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
  • Date Added: 2024-06-13
  • Due Date: 2024-07-04
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26169; https://nvd.nist.gov/vuln/detail/CVE-2024-26169
Microsoft | DWM Core Library

CVE-2024-30051

Microsoft DWM Core Library Privilege Escalation Vulnerability: Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges.

Related CWE: CWE-122

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-05-14
  • Due Date: 2024-06-04
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051; https://nvd.nist.gov/vuln/detail/CVE-2024-30051
Microsoft | Windows

CVE-2024-30040

Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability: Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-05-14
  • Due Date: 2024-06-04
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040; https://nvd.nist.gov/vuln/detail/CVE-2024-30040
Microsoft | SmartScreen Prompt

CVE-2024-29988

Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability: Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file.

Related CWE: CWE-693

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-04-30
  • Due Date: 2024-05-21
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988; https://nvd.nist.gov/vuln/detail/CVE-2024-29988
Microsoft | Windows

CVE-2022-38028

Microsoft Windows Print Spooler Privilege Escalation Vulnerability : Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-04-23
  • Due Date: 2024-05-14
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38028; https://nvd.nist.gov/vuln/detail/CVE-2022-38028
Microsoft | SharePoint Server

CVE-2023-24955

Microsoft SharePoint Server Code Injection Vulnerability: Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-03-26
  • Due Date: 2024-04-16
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955; https://nvd.nist.gov/vuln/detail/CVE-2023-24955
Microsoft | Windows

CVE-2024-21338

Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability: Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation.

Related CWE: CWE-822

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-03-04
  • Due Date: 2024-03-25
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21338; https://nvd.nist.gov/vuln/detail/CVE-2024-21338
Microsoft | Streaming Service

CVE-2023-29360

Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability: Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges.

Related CWE: CWE-822

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-02-29
  • Due Date: 2024-03-21
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360 ;https://nvd.nist.gov/vuln/detail/CVE-2023-29360
Microsoft | Exchange Server

CVE-2024-21410

Microsoft Exchange Server Privilege Escalation Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-02-15
  • Due Date: 2024-03-07
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410; https://nvd.nist.gov/vuln/detail/CVE-2024-21410
Microsoft | Windows

CVE-2024-21412

Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability: Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass.

Related CWE: CWE-693

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-02-13
  • Due Date: 2024-03-05
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21412; https://nvd.nist.gov/vuln/detail/CVE-2024-21412
Microsoft | Windows

CVE-2024-21351

Microsoft Windows SmartScreen Security Feature Bypass Vulnerability: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-02-13
  • Due Date: 2024-03-05
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21351; https://nvd.nist.gov/vuln/detail/CVE-2024-21351
Microsoft | SharePoint Server

CVE-2023-29357

Microsoft SharePoint Server Privilege Escalation Vulnerability: Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges.

Related CWE: CWE-303

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-01-10
  • Due Date: 2024-01-31
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357; https://nvd.nist.gov/vuln/detail/CVE-2023-29357
Microsoft | Windows

CVE-2023-36584

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability: Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-11-16
  • Due Date: 2023-12-07
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36584 ; https://nvd.nist.gov/vuln/detail/CVE-2023-36584

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now