Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Paessler | PRTG Network Monitor

CVE-2018-9276

Paessler PRTG Network Monitor OS Command Injection Vulnerability: Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-02-04
Due Date: 2025-02-25

Additional Notes

Paessler | PRTG Network Monitor

CVE-2018-19410

Paessler PRTG Network Monitor Local File Inclusion Vulnerability: Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges (including administrator).

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-02-04
Due Date: 2025-02-25

Additional Notes

Zoho | ManageEngine

CVE-2022-28810

Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability: Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset.

Related CWEs: CWE-78| CWE-259

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2023-03-07
Due Date: 2023-03-28

Additional Notes

Zoho | ManageEngine

CVE-2022-47966

Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability: Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2023-01-23
Due Date: 2023-02-13

Additional Notes

Zoho | ManageEngine

CVE-2022-35405

Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability: Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-09-22
Due Date: 2022-10-13

Additional Notes

NETGEAR | Multiple Devices

CVE-2017-5521

NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability: Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions. If the affected device has since entered end-of-life, it should be disconnected if still in use.

Date Added: 2022-09-08
Due Date: 2022-09-29

Additional Notes

NETGEAR | Multiple Devices

CVE-2017-6862

NETGEAR Multiple Devices Buffer Overflow Vulnerability: Multiple NETGEAR devices contain a buffer overflow vulnerability that allows for authentication bypass and remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

NETGEAR | DGN2200 Devices

CVE-2017-6334

NETGEAR DGN2200 Devices OS Command Injection Vulnerability: dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

NETGEAR | Wireless Access Point (WAP) Devices

CVE-2016-1555

NETGEAR Multiple WAP Devices Command Injection Vulnerability: Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

NETGEAR | WNR2000v5 Router

CVE-2016-10174

NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability: The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

NETGEAR | Wireless Router DGN2200

CVE-2017-6077

NETGEAR DGN2200 Remote Code Execution Vulnerability: NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-07
Due Date: 2022-09-07

Additional Notes

NETGEAR | Multiple Routers

CVE-2016-6277

NETGEAR Multiple Routers Remote Code Execution Vulnerability: NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution.

Related CWE: CWE-352

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-07
Due Date: 2022-09-07

Additional Notes

Zoho | Desktop Central

CVE-2021-44515

Zoho Desktop Central Authentication Bypass Vulnerability: Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-10
Due Date: 2021-12-24

Additional Notes

Zoho | ManageEngine ServiceDesk Plus (SDP)

CVE-2021-37415

Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability: Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-01
Due Date: 2021-12-15

Additional Notes

Zoho | ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus

CVE-2021-44077

Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability: Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-12-01
Due Date: 2021-12-15

Additional Notes

Zoho | ManageEngine

CVE-2019-8394

Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability: Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization.

Related CWE: CWE-434

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Zoho | ManageEngine

CVE-2020-10189

Zoho ManageEngine Desktop Central File Upload Vulnerability: Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Zoho | ManageEngine

CVE-2021-40539

Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability: Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.

Related CWE: CWE-55

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

NETGEAR | JGS516PE Devices

CVE-2020-26919

Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability: Netgear JGS516PE devices contain a missing function level access control vulnerability.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates