Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Microsoft | Exchange Server

CVE-2021-26858

Microsoft Exchange Server Remote Code Execution Vulnerability: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-04-16

Additional Notes

Microsoft | Exchange Server

CVE-2021-27065

Related CWE: CWE-39

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-04-16

Additional Notes

Microsoft | Win32k

CVE-2020-1054

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Windows

CVE-2021-1675

Microsoft Windows Print Spooler Remote Code Execution Vulnerability: Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.

Related CWE: CWE-285

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Windows

CVE-2021-34448

Microsoft Windows Scripting Engine Memory Corruption Vulnerability: Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Windows

CVE-2020-0601

Microsoft Windows CryptoAPI Spoofing Vulnerability: Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The vulnerability is also known under the moniker of CurveBall.

Related CWE: CWE-295

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2020-01-29

Additional Notes

Microsoft | SharePoint

CVE-2019-0604

Microsoft SharePoint Remote Code Execution Vulnerability: Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint application pool and the SharePoint server farm account.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | .NET Framework

CVE-2020-0646

Microsoft .NET Framework Remote Code Execution Vulnerability: Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution.

Related CWE: CWE-91

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Win32k

CVE-2019-0808

Microsoft Win32k Privilege Escalation Vulnerability: Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Exchange Server

CVE-2021-26857

Related CWE: CWE-502

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-04-16

Additional Notes

Microsoft | .NET Framework, SharePoint, Visual Studio

CVE-2020-1147

Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability: Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for deserialization of the XML content.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Windows

CVE-2019-1214

Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability: Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory which can allow for privilege escalation.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Office

CVE-2016-3235

Microsoft Office OLE DLL Side Loading Vulnerability: Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code execution.

Related CWE: CWE-264

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Windows

CVE-2019-0863

Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability: Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Microsoft | Windows

CVE-2021-36955

Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability: Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Microsoft | Open Management Infrastructure (OMI)

CVE-2021-38648

Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability: Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation.

Related CWE: CWE-1390

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2021-11-17

Additional Notes

Mozilla | Firefox and Thunderbird

CVE-2020-6819

Mozilla Firefox And Thunderbird Use-After-Free Vulnerability: Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts.

Related CWEs: CWE-362| CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Mozilla | Firefox and Thunderbird

CVE-2020-6820

Mozilla Firefox And Thunderbird Use-After-Free Vulnerability: Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts.

Related CWE: CWE-362

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Mozilla | Firefox and Thunderbird

CVE-2019-17026

Mozilla Firefox And Thunderbird Type Confusion Vulnerability: Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Nagios | Nagios XI

CVE-2019-15949

Nagios XI Remote Code Execution Vulnerability: Nagios XI contains a remote code execution vulnerability in which a user can modify the check_plugin executable and insert malicious commands to execute as root.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2021-11-03
Due Date: 2022-05-03

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates