Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

CrushFTP | CrushFTP

CVE-2025-31161

CrushFTP Authentication Bypass Vulnerability: CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise.

Related CWE: CWE-305

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-04-07
Due Date: 2025-04-28

Additional Notes

Sophos | XG Firewall

CVE-2020-15069

Sophos XG Firewall Buffer Overflow Vulnerability: Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the "HTTP/S bookmark" feature.

Related CWE: CWE-120

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-02-06
Due Date: 2025-02-27

Additional Notes

Sophos | CyberoamOS

CVE-2020-29574

CyberoamOS (CROS) SQL Injection Vulnerability: CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely.

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

Date Added: 2025-02-06
Due Date: 2025-02-27

Additional Notes

CrushFTP | CrushFTP

CVE-2024-4040

CrushFTP VFS Sandbox Escape Vulnerability: CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS).

Related CWE: CWE-1336

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-04-24
Due Date: 2024-05-01

Additional Notes

QNAP | VioStor NVR

CVE-2023-47565

QNAP VioStor NVR OS Command Injection Vulnerability: QNAP VioStar NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-12-21
Due Date: 2024-01-11

Additional Notes

Sophos | Web Appliance

CVE-2023-1671

Sophos Web Appliance Command Injection Vulnerability: Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution.

Related CWE: CWE-77

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-11-16
Due Date: 2023-12-07

Additional Notes

Sophos | Firewall

CVE-2022-3236

Sophos Firewall Code Injection Vulnerability: A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-09-23
Due Date: 2022-10-14

Additional Notes

QNAP | Photo Station

CVE-2022-27593

QNAP Photo Station Externally Controlled Reference Vulnerability: Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign.

Related CWE: CWE-610

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-09-08
Due Date: 2022-09-29

Additional Notes

QNAP | Photo Station

CVE-2019-7192

QNAP Photo Station Improper Access Control Vulnerability: QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

QNAP | QTS

CVE-2019-7193

QNAP QTS Improper Input Validation Vulnerability: QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

QNAP | Photo Station

CVE-2019-7194

QNAP Photo Station Path Traversal Vulnerability: QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

QNAP | Photo Station

CVE-2019-7195

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-06-08
Due Date: 2022-06-22

Additional Notes

QNAP | Network Attached Storage (NAS)

CVE-2018-19949

QNAP NAS File Station Command Injection Vulnerability: A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands.

Related CWEs: CWE-20| CWE-77| CWE-78

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

QNAP | Network Attached Storage (NAS)

CVE-2018-19943

QNAP NAS File Station Cross-Site Scripting Vulnerability: A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.

Related CWEs: CWE-79| CWE-80

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

QNAP | Network Attached Storage (NAS)

CVE-2018-19953

QNAP NAS File Station Cross-Site Scripting Vulnerability: A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code.

Related CWEs: CWE-79| CWE-80

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-05-24
Due Date: 2022-06-14

Additional Notes

QNAP | QNAP Network-Attached Storage (NAS)

CVE-2020-2509

QNAP Network-Attached Storage (NAS) Command Injection Vulnerability: QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution.

Related CWEs: CWE-77| CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-04-11
Due Date: 2022-05-02

Additional Notes

QNAP | Network Attached Storage (NAS)

CVE-2021-28799

QNAP NAS Improper Authorization Vulnerability: QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.

Related CWE: CWE-285

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-03-31
Due Date: 2022-04-21

Additional Notes

Sophos | Firewall

CVE-2022-1040

Sophos Firewall Authentication Bypass Vulnerability: An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.

Related CWE: CWE-158

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-31
Due Date: 2022-04-21

Additional Notes

Sophos | SG UTM

CVE-2020-25223

Sophos SG UTM Remote Code Execution Vulnerability: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-03-25
Due Date: 2022-04-15

Additional Notes

Sophos | SFOS

CVE-2020-12271

Sophos SFOS SQL Injection Vulnerability: Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).

Related CWE: CWE-89

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates