Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 1 - 20 of 22
Filters:
SonicWall | SMA100 Appliances

CVE-2023-44221

SonicWall SMA100 Appliances OS Command Injection Vulnerability: SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-05-01
  • Due Date: 2025-05-22
Additional Notes
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018 ; https://nvd.nist.gov/vuln/detail/CVE-2023-44221
SonicWall | SMA100 Appliances

CVE-2021-20035

SonicWall SMA100 Appliances OS Command Injection Vulnerability: SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-04-16
  • Due Date: 2025-05-07
Additional Notes
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022 ; https://nvd.nist.gov/vuln/detail/CVE-2021-20035
SonicWall | SonicOS

CVE-2024-53704

SonicWall SonicOS SSLVPN Improper Authentication Vulnerability: SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication.

Related CWE: CWE-287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-18
  • Due Date: 2025-03-11
Additional Notes
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 ; https://nvd.nist.gov/vuln/detail/CVE-2024-53704
Sophos | CyberoamOS

CVE-2020-29574

CyberoamOS (CROS) SQL Injection Vulnerability: CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
  • Date Added: 2025-02-06
  • Due Date: 2025-02-27
Additional Notes
https://support.sophos.com/support/s/article/KBA-000007526 ; https://nvd.nist.gov/vuln/detail/CVE-2020-29574
Sophos | XG Firewall

CVE-2020-15069

Sophos XG Firewall Buffer Overflow Vulnerability: Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-06
  • Due Date: 2025-02-27
Additional Notes
https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal ; https://nvd.nist.gov/vuln/detail/CVE-2020-15069
SonicWall | SMA1000 Appliances

CVE-2025-23006

SonicWall SMA1000 Appliances Deserialization Vulnerability: SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-01-24
  • Due Date: 2025-02-14
Additional Notes
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 ; https://nvd.nist.gov/vuln/detail/CVE-2025-23006
SonicWall | SonicOS

CVE-2024-40766

SonicWall SonicOS Improper Access Control Vulnerability: SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-09-09
  • Due Date: 2024-09-30
Additional Notes
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015; https://nvd.nist.gov/vuln/detail/CVE-2024-40766
Sophos | Web Appliance

CVE-2023-1671

Sophos Web Appliance Command Injection Vulnerability: Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-11-16
  • Due Date: 2023-12-07
Additional Notes
https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce; https://nvd.nist.gov/vuln/detail/CVE-2023-1671
Delta Electronics | DOPSoft 2

CVE-2021-38406

Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability: Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-08-25
  • Due Date: 2022-09-15
Additional Notes
https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-02; https://nvd.nist.gov/vuln/detail/CVE-2021-38406
Sophos | Firewall

CVE-2022-1040

Sophos Firewall Authentication Bypass Vulnerability: An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.

Related CWE: CWE-158

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-31
  • Due Date: 2022-04-21
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-1040
SonicWall | SMA100

CVE-2019-7483

SonicWall SMA100 Directory Traversal Vulnerability: In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-7483
SonicWall | Secure Remote Access (SRA)

CVE-2021-20028

SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability: SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Known

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2022-03-28
  • Due Date: 2022-04-18
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-20028
Sophos | SG UTM

CVE-2020-25223

Sophos SG UTM Remote Code Execution Vulnerability: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-25223
SonicWall | SonicOS

CVE-2020-5135

SonicWall SonicOS Buffer Overflow Vulnerability: A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-15
  • Due Date: 2022-04-05
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-5135
SonicWall | SMA 100 Appliances

CVE-2021-20038

SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability: SonicWall SMA 100 devies are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution.

Related CWE: CWE-121

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-01-28
  • Due Date: 2022-02-11
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-20038
Sophos | SFOS

CVE-2020-12271

Sophos SFOS SQL Injection Vulnerability: Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-12271
SonicWall | SSLVPN SMA100

CVE-2021-20016

SonicWall SSLVPN SMA100 SQL Injection Vulnerability: SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-20016
SonicWall | SonicWall Email Security

CVE-2021-20023

SonicWall Email Security Path Traversal Vulnerability: SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-20023
SonicWall | SonicWall Email Security

CVE-2021-20022

SonicWall Email Security Unrestricted Upload of File Vulnerability: SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation.

Related CWE: CWE-434

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2021-11-17
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-20022

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now