Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 201 - 220 of 1341
Microsoft | Windows

CVE-2018-0824

Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability: Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script.

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-08-05
  • Due Date: 2024-08-26
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2018-0824; https://nvd.nist.gov/vuln/detail/CVE-2018-0824
VMware | ESXi

CVE-2024-37085

VMware ESXi Authentication Bypass Vulnerability: VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.

Related CWE: CWE-305

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-30
  • Due Date: 2024-08-20
Additional Notes
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505; https://nvd.nist.gov/vuln/detail/CVE-2024-37085
ServiceNow | Utah, Vancouver, and Washington DC Now Platform

CVE-2024-4879

ServiceNow Improper Input Validation Vulnerability: ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.

Related CWE: CWE-1287

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-29
  • Due Date: 2024-08-19
Additional Notes
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154; https://nvd.nist.gov/vuln/detail/CVE-2024-4879
ServiceNow | Utah, Vancouver, and Washington DC Now Platform

CVE-2024-5217

ServiceNow Incomplete List of Disallowed Inputs Vulnerability: ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely.

Related CWE: CWE-184

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-29
  • Due Date: 2024-08-19
Additional Notes
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313; https://nvd.nist.gov/vuln/detail/CVE-2024-5217
Acronis | Cyber Infrastructure (ACI)

CVE-2023-45249

Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability: Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords.

Related CWE: CWE-1393

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-29
  • Due Date: 2024-08-19
Additional Notes
https://security-advisory.acronis.com/advisories/SEC-6452; https://nvd.nist.gov/vuln/detail/CVE-2023-45249
Microsoft | Internet Explorer

CVE-2012-4792

Microsoft Internet Explorer Use-After-Free Vulnerability: Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.
  • Date Added: 2024-07-23
  • Due Date: 2024-08-13
Additional Notes
https://learn.microsoft.com/en-us/lifecycle/products/internet-explorer-11; https://nvd.nist.gov/vuln/detail/CVE-2012-4792
Twilio | Authy

CVE-2024-39891

Twilio Authy Information Disclosure Vulnerability: Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy.

Related CWE: CWE-203

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-23
  • Due Date: 2024-08-13
Additional Notes
https://www.twilio.com/en-us/changelog/Security_Alert_Authy_App_Android_iOS; https://nvd.nist.gov/vuln/detail/CVE-2024-39891
VMware | vCenter Server

CVE-2022-22948

VMware vCenter Server Incorrect Default File Permissions Vulnerability : VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information.

Related CWE: CWE-276

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-17
  • Due Date: 2024-08-07
Additional Notes
https://www.vmware.com/security/advisories/VMSA-2022-0009.html; https://nvd.nist.gov/vuln/detail/CVE-2022-22948
SolarWinds | Serv-U

CVE-2024-28995

SolarWinds Serv-U Path Traversal Vulnerability : SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine.

Related CWE: CWE-22

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-17
  • Due Date: 2024-08-07
Additional Notes
https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28995; https://nvd.nist.gov/vuln/detail/CVE-2024-28995
Adobe | Commerce and Magento Open Source

CVE-2024-34102

Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability: Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution.

Related CWE: CWE-611

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-17
  • Due Date: 2024-08-07
Additional Notes
https://helpx.adobe.com/security/products/magento/apsb24-40.html; https://nvd.nist.gov/vuln/detail/CVE-2024-34102
OSGeo | GeoServer

CVE-2024-36401

OSGeo GeoServer GeoTools Eval Injection Vulnerability: OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input.

Related CWE: CWE-95

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-15
  • Due Date: 2024-08-05
Additional Notes
This vulnerability affects an open-source component, third-party library, or a protocol used by different products. For more information, please see: https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv, https://github.com/geotools/geotools/pull/4797 ; https://nvd.nist.gov/vuln/detail/CVE-2024-36401
Rejetto | HTTP File Server

CVE-2024-23692

Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability: Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request.

Related CWE: CWE-1336

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-09
  • Due Date: 2024-07-30
Additional Notes
The patched Rejetto HTTP File Server (HFS) is version 3: https://github.com/rejetto/hfs?tab=readme-ov-file#installation, https://www.rejetto.com/hfs/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-23692
Microsoft | Windows

CVE-2024-38080

Microsoft Windows Hyper-V Privilege Escalation Vulnerability: Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.

Related CWE: CWE-190

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-09
  • Due Date: 2024-07-30
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38080; https://nvd.nist.gov/vuln/detail/CVE-2024-38080
Microsoft | Windows

CVE-2024-38112

Microsoft Windows MSHTML Platform Spoofing Vulnerability: Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability.

Related CWE: CWE-451

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-09
  • Due Date: 2024-07-30
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112; https://nvd.nist.gov/vuln/detail/CVE-2024-38112
Cisco | NX-OS

CVE-2024-20399

Cisco NX-OS Command Injection Vulnerability: Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-07-02
  • Due Date: 2024-07-23
Additional Notes
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP; https://nvd.nist.gov/vuln/detail/CVE-2024-20399
OSGeo | JAI-EXT

CVE-2022-24816

OSGeo GeoServer JAI-EXT Code Injection Vulnerability: OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-06-26
  • Due Date: 2024-07-17
Additional Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. The patched JAI-EXT is version 1.1.22: https://github.com/geosolutions-it/jai-ext/releases/tag/1.1.22, https://github.com/geosolutions-it/jai-ext/security/advisories/GHSA-v92f-jx6p-73rx; https://nvd.nist.gov/vuln/detail/CVE-2022-24816
Linux | Kernel

CVE-2022-2586

Linux Kernel Use-After-Free Vulnerability: Linux Kernel contains a use-after-free vulnerability in the nft_object, allowing local attackers to escalate privileges.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
  • Date Added: 2024-06-26
  • Due Date: 2024-07-17
Additional Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://seclists.org/oss-sec/2022/q3/131; https://nvd.nist.gov/vuln/detail/CVE-2022-2586
Roundcube | Webmail

CVE-2020-13965

Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability: Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to manipulate data via a malicious XML attachment.

Related CWE: CWE-80

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-06-26
  • Due Date: 2024-07-17
Additional Notes
https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12; https://nvd.nist.gov/vuln/detail/CVE-2020-13965
Progress | Telerik Report Server

CVE-2024-4358

Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability: Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.

Related CWE: CWE-290

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-06-13
  • Due Date: 2024-07-04
Additional Notes
https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358; https://nvd.nist.gov/vuln/detail/CVE-2024-4358
Android | Pixel

CVE-2024-32896

Android Pixel Privilege Escalation Vulnerability: Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation.

Related CWE: CWE-783

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
  • Date Added: 2024-06-13
  • Due Date: 2024-07-04
Additional Notes
https://source.android.com/docs/security/bulletin/pixel/2024-06-01; https://nvd.nist.gov/vuln/detail/CVE-2024-32896

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now