Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 1 - 7 of 7
Filters:
Qlik | Sense

CVE-2023-48365

Qlik Sense HTTP Tunneling Vulnerability: Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.

Related CWE: CWE-444

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-01-13
  • Due Date: 2025-02-03
Additional Notes
https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510 ; https://nvd.nist.gov/vuln/detail/CVE-2023-48365
Qlik | Sense

CVE-2023-41266

Qlik Sense Path Traversal Vulnerability: Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
  • Date Added: 2023-12-07
  • Due Date: 2023-12-28
Additional Notes
https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41266
Qlik | Sense

CVE-2023-41265

Qlik Sense HTTP Tunneling Vulnerability: Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.

Related CWE: CWE-444

Known To Be Used in Ransomware Campaigns? Known

Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
  • Date Added: 2023-12-07
  • Due Date: 2023-12-28
Additional Notes
https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801; https://nvd.nist.gov/vuln/detail/CVE-2023-41265
Realtek | SDK

CVE-2014-8361

Realtek SDK Improper Input Validation Vulnerability: Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-09-18
  • Due Date: 2023-10-09
Additional Notes
https://web.archive.org/web/20150831100501/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055; https://nvd.nist.gov/vuln/detail/CVE-2014-8361
Plex | Media Server

CVE-2020-5741

Plex Media Server Remote Code Execution Vulnerability: Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2023-03-10
  • Due Date: 2023-03-31
Additional Notes
https://forums.plex.tv/t/security-regarding-cve-2020-5741/586819; https://nvd.nist.gov/vuln/detail/CVE-2020-5741
Realtek | Jungle Software Development Kit (SDK)

CVE-2021-35394

Realtek Jungle SDK Remote Code Execution Vulnerability: RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution.

Related CWEs: CWE-78| CWE-138

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-12-10
  • Due Date: 2021-12-24
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-35394
Realtek | AP-Router SDK

CVE-2021-35395

Realtek AP-Router SDK Buffer Overflow Vulnerability: Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service (DoS).

Related CWEs: CWE-20| CWE-122

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-35395

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now