Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Showing 501 - 520 of 1360
Microsoft | Defender

CVE-2022-44698

Microsoft Defender SmartScreen Security Feature Bypass Vulnerability: Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.

Related CWE: CWE-755

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-12-13
  • Due Date: 2023-01-03
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698; https://nvd.nist.gov/vuln/detail/CVE-2022-44698
Fortinet | FortiOS

CVE-2022-42475

Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability: Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.

Related CWE: CWE-197

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-12-13
  • Due Date: 2023-01-03
Additional Notes
https://www.fortiguard.com/psirt/FG-IR-22-398; https://nvd.nist.gov/vuln/detail/CVE-2022-42475
Google | Chromium V8

CVE-2022-4262

Google Chromium V8 Type Confusion Vulnerability: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWEs: CWE-122| CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-12-05
  • Due Date: 2022-12-26
Additional Notes
https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html; https://nvd.nist.gov/vuln/detail/CVE-2022-4262
Google | Chromium GPU

CVE-2022-4135

Google Chromium GPU Heap Buffer Overflow Vulnerability: Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-28
  • Due Date: 2022-12-19
Additional Notes
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html; https://nvd.nist.gov/vuln/detail/CVE-2022-4135
Oracle | Fusion Middleware

CVE-2021-35587

Oracle Fusion Middleware Unspecified Vulnerability: Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product.

Related CWEs: CWE-502| CWE-790

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-28
  • Due Date: 2022-12-19
Additional Notes
https://www.oracle.com/security-alerts/cpujan2022.html; https://nvd.nist.gov/vuln/detail/CVE-2021-35587
Microsoft | Windows

CVE-2022-41049

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability: Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

Related CWE: CWE-274

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-14
  • Due Date: 2022-12-09
Additional Notes
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41049; https://nvd.nist.gov/vuln/detail/CVE-2022-41049
Microsoft | Windows

CVE-2022-41128

Microsoft Windows Scripting Languages Remote Code Execution Vulnerability: Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-08
  • Due Date: 2022-12-09
Additional Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41128; https://nvd.nist.gov/vuln/detail/CVE-2022-41128
Microsoft | Windows

CVE-2022-41091

Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability: Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features.

Related CWE: CWE-863

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-08
  • Due Date: 2022-12-09
Additional Notes
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41091; https://nvd.nist.gov/vuln/detail/CVE-2022-41091
Microsoft | Windows

CVE-2022-41073

Microsoft Windows Print Spooler Privilege Escalation Vulnerability: Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-08
  • Due Date: 2022-12-09
Additional Notes
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41073; https://nvd.nist.gov/vuln/detail/CVE-2022-41073
Microsoft | Windows

CVE-2022-41125

Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability: Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-08
  • Due Date: 2022-12-09
Additional Notes
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41125; https://nvd.nist.gov/vuln/detail/CVE-2022-41125
Samsung | Mobile Devices

CVE-2021-25337

Samsung Mobile Devices Improper Access Control Vulnerability: Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370.

Related CWE: CWE-269

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-08
  • Due Date: 2022-11-29
Additional Notes
https://security.samsungmobile.com/securityUpdate.smsb; https://nvd.nist.gov/vuln/detail/CVE-2021-25337
Samsung | Mobile Devices

CVE-2021-25369

Samsung Mobile Devices Improper Access Control Vulnerability: Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370.

Related CWE: CWE-200

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-08
  • Due Date: 2022-11-29
Additional Notes
https://security.samsungmobile.com/securityUpdate.smsb; https://nvd.nist.gov/vuln/detail/CVE-2021-25369
Samsung | Mobile Devices

CVE-2021-25370

Samsung Mobile Devices Memory Corruption Vulnerability: Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-11-08
  • Due Date: 2022-11-29
Additional Notes
https://security.samsungmobile.com/securityUpdate.smsb; https://nvd.nist.gov/vuln/detail/CVE-2021-25370
Google | Chromium V8

CVE-2022-3723

Google Chromium V8 Type Confusion Vulnerability: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Related CWEs: CWE-122| CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-28
  • Due Date: 2022-11-18
Additional Notes
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html; https://nvd.nist.gov/vuln/detail/CVE-2022-3723
Apple | iOS and iPadOS

CVE-2022-42827

Apple iOS and iPadOS Out-of-Bounds Write Vulnerability: Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges.

Related CWEs: CWE-20| CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-25
  • Due Date: 2022-11-15
Additional Notes
https://support.apple.com/en-us/HT213489; https://nvd.nist.gov/vuln/detail/CVE-2022-42827
GIGABYTE | Multiple Products

CVE-2018-19320

GIGABYTE Multiple Products Unspecified Vulnerability: The GDrv low-level driver in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-24
  • Due Date: 2022-11-14
Additional Notes
https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19320
Cisco | AnyConnect Secure

CVE-2020-3433

Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability: Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges.

Related CWE: CWE-427

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-24
  • Due Date: 2022-11-14
Additional Notes
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW; https://nvd.nist.gov/vuln/detail/CVE-2020-3433
Cisco | AnyConnect Secure

CVE-2020-3153

Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability: Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks.

Related CWE: CWE-427

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-24
  • Due Date: 2022-11-14
Additional Notes
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj; https://nvd.nist.gov/vuln/detail/CVE-2020-3153
GIGABYTE | Multiple Products

CVE-2018-19323

GIGABYTE Multiple Products Privilege Escalation Vulnerability: The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-24
  • Due Date: 2022-11-14
Additional Notes
https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19323
GIGABYTE | Multiple Products

CVE-2018-19321

GIGABYTE Multiple Products Privilege Escalation Vulnerability: The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.
  • Date Added: 2022-10-24
  • Due Date: 2022-11-14
Additional Notes
https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19321

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now