Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 1 - 10 of 10
Filters:
Sophos | XG Firewall

CVE-2020-15069

Sophos XG Firewall Buffer Overflow Vulnerability: Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2025-02-06
  • Due Date: 2025-02-27
Additional Notes
https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal ; https://nvd.nist.gov/vuln/detail/CVE-2020-15069
Sophos | CyberoamOS

CVE-2020-29574

CyberoamOS (CROS) SQL Injection Vulnerability: CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.
  • Date Added: 2025-02-06
  • Due Date: 2025-02-27
Additional Notes
https://support.sophos.com/support/s/article/KBA-000007526 ; https://nvd.nist.gov/vuln/detail/CVE-2020-29574
Sophos | Web Appliance

CVE-2023-1671

Sophos Web Appliance Command Injection Vulnerability: Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2023-11-16
  • Due Date: 2023-12-07
Additional Notes
https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce; https://nvd.nist.gov/vuln/detail/CVE-2023-1671
Sophos | Firewall

CVE-2022-1040

Sophos Firewall Authentication Bypass Vulnerability: An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.

Related CWE: CWE-158

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-31
  • Due Date: 2022-04-21
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-1040
Sophos | SG UTM

CVE-2020-25223

Sophos SG UTM Remote Code Execution Vulnerability: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-25223
Webmin | Webmin

CVE-2019-15107

Webmin Command Injection Vulnerability: An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-03-25
  • Due Date: 2022-04-15
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2019-15107
Zabbix | Frontend

CVE-2022-23131

Zabbix Frontend Authentication Bypass Vulnerability: Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML.

Related CWE: CWE-290

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-22
  • Due Date: 2022-03-08
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-23131
Zabbix | Frontend

CVE-2022-23134

Zabbix Frontend Improper Access Control Vulnerability: Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend.

Related CWE: CWE-284

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-02-22
  • Due Date: 2022-03-08
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2022-23134
Sophos | SFOS

CVE-2020-12271

Sophos SFOS SQL Injection Vulnerability: Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2021-11-03
  • Due Date: 2022-05-03
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2020-12271

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now