Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Aviatrix | Controllers

CVE-2024-50603

Aviatrix Controllers OS Command Injection Vulnerability: Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2025-01-16
Due Date: 2025-02-06

Additional Notes

Array Networks | AG/vxAG ArrayOS

CVE-2023-28461

Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability: Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway.

Related CWE: CWE-306

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2024-11-25
Due Date: 2024-12-16

Additional Notes

RARLAB | WinRAR

CVE-2023-38831

RARLAB WinRAR Code Execution Vulnerability: RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive.

Related CWE: CWE-351

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Date Added: 2023-08-24
Due Date: 2023-09-14

Additional Notes

RARLAB | UnRAR

CVE-2022-30333

RARLAB UnRAR Directory Traversal Vulnerability: RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation.

Related CWEs: CWE-22| CWE-59

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-08-09
Due Date: 2022-08-30

Additional Notes

RARLAB | WinRAR

CVE-2018-20250

WinRAR Absolute Path Traversal Vulnerability: WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution

Related CWE: CWE-36

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-02-15
Due Date: 2022-08-15

Additional Notes

Aviatrix | Aviatrix Controller

CVE-2021-40870

Aviatrix Controller Unrestricted Upload of File: Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal.

Related CWEs: CWE-25| CWE-96

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-01-18
Due Date: 2022-02-01

Additional Notes

Known Exploited Vulnerabilities Catalog

CVE-2024-50603

CVE-2023-28461

CVE-2023-38831

CVE-2022-30333

CVE-2018-20250

CVE-2021-40870

Subscribe to the KEV Catalog Updates