Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Sophos | XG Firewall

CVE-2020-15069

Sophos XG Firewall Buffer Overflow Vulnerability: Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-02-06
Due Date: 2025-02-27

Additional Notes

Sophos | CyberoamOS

CVE-2020-29574

CyberoamOS (CROS) SQL Injection Vulnerability: CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Date Added: 2025-02-06
Due Date: 2025-02-27

Additional Notes

Veeam | Backup & Replication

CVE-2024-40711

Veeam Backup and Replication Deserialization Vulnerability: Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-10-17
Due Date: 2024-11-07

Additional Notes

Sophos | Web Appliance

CVE-2023-1671

Sophos Web Appliance Command Injection Vulnerability: Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-11-16
Due Date: 2023-12-07

Additional Notes

Veeam | Backup & Replication

CVE-2023-27532

Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability: Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-08-22
Due Date: 2023-09-12

Additional Notes

Veeam | Backup & Replication

CVE-2022-26500

Veeam Backup & Replication Remote Code Execution Vulnerability: The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-12-13
Due Date: 2023-01-03

Additional Notes

Veeam | Backup & Replication

CVE-2022-26501

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-12-13
Due Date: 2023-01-03

Additional Notes

Sophos | Firewall

CVE-2022-3236

Sophos Firewall Code Injection Vulnerability: A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-09-23
Due Date: 2022-10-14

Additional Notes

Sophos | Firewall

CVE-2022-1040

Sophos Firewall Authentication Bypass Vulnerability: An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.

Related CWE: CWE-158

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-31
Due Date: 2022-04-21

Additional Notes

Sophos | SG UTM

CVE-2020-25223

Sophos SG UTM Remote Code Execution Vulnerability: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Hikvision | Security cameras web server

CVE-2021-36260

Hikvision Improper Input Validation: A command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-10
Due Date: 2022-01-24

Additional Notes

Sophos | SFOS

CVE-2020-12271

Sophos SFOS SQL Injection Vulnerability: Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates