Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 1 - 20 of 50
Filters:
Oracle | Agile Product Lifecycle Management (PLM)

CVE-2024-20953

Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability: Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-24
  • Due Date: 2025-03-17
Additional Notes
https://www.oracle.com/security-alerts/cpujan2024.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-20953
Oracle | WebLogic Server

CVE-2020-2883

Oracle WebLogic Server Unspecified Vulnerability: Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-01-07
  • Due Date: 2025-01-28
Additional Notes
https://www.oracle.com/security-alerts/cpuapr2020.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-2883
Oracle | Agile Product Lifecycle Management (PLM)

CVE-2024-21287

Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability: Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-11-21
  • Due Date: 2024-12-12
Additional Notes
https://www.oracle.com/security-alerts/alert-cve-2024-21287.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-21287
Oracle | WebLogic Server

CVE-2020-14644

Oracle WebLogic Server Remote Code Execution Vulnerability: Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-09-18
  • Due Date: 2024-10-09
Additional Notes
https://www.oracle.com/security-alerts/cpujul2020.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-14644
Oracle | ADF Faces

CVE-2022-21445

Oracle ADF Faces Deserialization of Untrusted Data Vulnerability: Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-09-18
  • Due Date: 2024-10-09
Additional Notes
https://www.oracle.com/security-alerts/cpuapr2022.html ; https://nvd.nist.gov/vuln/detail/CVE-2022-21445
Oracle | WebLogic Server

CVE-2017-3506

Oracle WebLogic Server OS Command Injection Vulnerability: Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-06-03
  • Due Date: 2024-06-24
Additional Notes
https://www.oracle.com/security-alerts/cpuapr2017.html; https://nvd.nist.gov/vuln/detail/CVE-2017-3506
Oracle | Fusion Middleware

CVE-2020-2551

Oracle Fusion Middleware Unspecified Vulnerability: Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-11-16
  • Due Date: 2023-12-07
Additional Notes
https://www.oracle.com/security-alerts/cpujan2020.html; https://nvd.nist.gov/vuln/detail/CVE-2020-2551
Samsung | Mobile Devices

CVE-2022-22265

Samsung Mobile Devices Use-After-Free Vulnerability: Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.

Related CWE: CWE-703

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-18
  • Due Date: 2023-10-09
Additional Notes
https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1; https://nvd.nist.gov/vuln/detail/CVE-2022-22265
Samsung | Mobile Devices

CVE-2021-25371

Samsung Mobile Devices Unspecified Vulnerability: Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP.

Related CWE: CWE-912

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
  • Date Added: 2023-06-29
  • Due Date: 2023-07-20
Additional Notes
https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=3; https://nvd.nist.gov/vuln/detail/CVE-2021-25371
Samsung | Mobile Devices

CVE-2021-25394

Samsung Mobile Devices Race Condition Vulnerability: Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
  • Date Added: 2023-06-29
  • Due Date: 2023-07-20
Additional Notes
https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5; https://nvd.nist.gov/vuln/detail/CVE-2021-25394
Samsung | Mobile Devices

CVE-2021-25489

Samsung Mobile Devices Improper Input Validation Vulnerability: Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
  • Date Added: 2023-06-29
  • Due Date: 2023-07-20
Additional Notes
https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10; https://nvd.nist.gov/vuln/detail/CVE-2021-25489
Samsung | Mobile Devices

CVE-2021-25487

Samsung Mobile Devices Out-of-Bounds Read Vulnerability: Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer.

Related CWE: CWE-125

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
  • Date Added: 2023-06-29
  • Due Date: 2023-07-20
Additional Notes
https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10; https://nvd.nist.gov/vuln/detail/CVE-2021-25487
Samsung | Mobile Devices

CVE-2021-25395

Samsung Mobile Devices Race Condition Vulnerability: Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised.

Related CWE: CWE-362

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
  • Date Added: 2023-06-29
  • Due Date: 2023-07-20
Additional Notes
https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5; https://nvd.nist.gov/vuln/detail/CVE-2021-25395
Samsung | Mobile Devices

CVE-2021-25372

Samsung Mobile Devices Improper Boundary Check Vulnerability: Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable
  • Date Added: 2023-06-29
  • Due Date: 2023-07-20
Additional Notes
https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=3; https://nvd.nist.gov/vuln/detail/CVE-2021-25372
Samsung | Mobile Devices

CVE-2023-21492

Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability: Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass.

Related CWE: CWE-532

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-05-19
  • Due Date: 2023-06-09
Additional Notes
https://security.samsungmobile.com/securityUpdate.smsb; https://nvd.nist.gov/vuln/detail/CVE-2023-21492
Oracle | Java SE and JRockit

CVE-2016-3427

Oracle Java SE and JRockit Unspecified Vulnerability: Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-05-12
  • Due Date: 2023-06-02
Additional Notes
https://www.oracle.com/security-alerts/cpuapr2016v3.html; https://nvd.nist.gov/vuln/detail/CVE-2016-3427
Oracle | WebLogic Server

CVE-2023-21839

Oracle WebLogic Server Unspecified Vulnerability: Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-05-01
  • Due Date: 2023-05-22
Additional Notes
https://www.oracle.com/security-alerts/cpujan2023.html; https://nvd.nist.gov/vuln/detail/CVE-2023-21839
Oracle | E-Business Suite

CVE-2022-21587

Oracle E-Business Suite Unspecified Vulnerability: Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2023-02-02
  • Due Date: 2023-02-23
Additional Notes
https://www.oracle.com/security-alerts/cpuoct2022.html; https://nvd.nist.gov/vuln/detail/CVE-2022-21587
Oracle | Fusion Middleware

CVE-2021-35587

Oracle Fusion Middleware Unspecified Vulnerability: Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product.

Related CWEs: CWE-502| CWE-790

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-28
  • Due Date: 2022-12-19
Additional Notes
https://www.oracle.com/security-alerts/cpujan2022.html; https://nvd.nist.gov/vuln/detail/CVE-2021-35587
Samsung | Mobile Devices

CVE-2021-25370

Samsung Mobile Devices Memory Corruption Vulnerability: Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-08
  • Due Date: 2022-11-29
Additional Notes
https://security.samsungmobile.com/securityUpdate.smsb; https://nvd.nist.gov/vuln/detail/CVE-2021-25370

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now