Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

Apple | Multiple Products

CVE-2021-30883

Apple Multiple Products Memory Corruption Vulnerability: Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Microsoft | Windows

CVE-2020-1027

Microsoft Windows Kernel Privilege Escalation Vulnerability: An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Microsoft | Update Notification Manager

CVE-2020-0638

Microsoft Update Notification Manager Privilege Escalation Vulnerability: Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Apple | Multiple Products

CVE-2019-7286

Apple Multiple Products Memory Corruption Vulnerability: Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Apple | iOS

CVE-2019-7287

Apple iOS Memory Corruption Vulnerability: Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Microsoft | Internet Explorer

CVE-2019-0676

Microsoft Internet Explorer Information Disclosure Vulnerability: An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Google | Chrome Blink

CVE-2019-5786

Google Chrome Blink Use-After-Free Vulnerability: Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Microsoft | Windows

CVE-2019-0703

Microsoft Windows SMB Information Disclosure Vulnerability: An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, which could lead to information disclosure from the server.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Microsoft | Windows

CVE-2019-0880

Microsoft Windows Privilege Escalation Vulnerability: A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Google | Chrome WebAudio

CVE-2019-13720

Google Chrome WebAudio Use-After-Free Vulnerability: Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Related CWE: CWE-416

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Mozilla | Firefox and Thunderbird

CVE-2019-11707

Mozilla Firefox and Thunderbird Type Confusion Vulnerability: Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash.

Related CWE: CWE-843

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Mozilla | Firefox and Thunderbird

CVE-2019-11708

Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability: Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution.

Related CWE: CWE-20

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

WebKitGTK | WebKitGTK

CVE-2019-8720

WebKitGTK Memory Corruption Vulnerability: WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution.

Related CWE: CWE-119

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Meta Platforms | WhatsApp

CVE-2019-18426

WhatsApp Cross-Site Scripting Vulnerability: A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading.

Related CWE: CWE-79

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Microsoft | Windows

CVE-2019-1385

Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Microsoft | Windows

CVE-2019-1130

Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links.

Related CWE: CWE-59

Known To Be Used in Ransomware Campaigns? Known

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Adobe | Flash Player

CVE-2018-5002

Adobe Flash Player Stack-based Buffer Overflow Vulnerability: Adobe Flash Player have a stack-based buffer overflow vulnerability that could lead to remote code execution.

Related CWE: CWE-787

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life and should be disconnected if still in use.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Microsoft | Win32k

CVE-2018-8589

Microsoft Win32k Privilege Escalation Vulnerability: A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-23
Due Date: 2022-06-13

Additional Notes

Zyxel | Multiple Firewalls

CVE-2022-30525

Zyxel Multiple Firewalls OS Command Injection Vulnerability: A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.

Related CWE: CWE-78

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-16
Due Date: 2022-06-06

Additional Notes

VMware | Spring Cloud Gateway

CVE-2022-22947

VMware Spring Cloud Gateway Code Injection Vulnerability: Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured.

Related CWE: CWE-94

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply updates per vendor instructions.

Date Added: 2022-05-16
Due Date: 2022-06-06

Additional Notes

Known Exploited Vulnerabilities Catalog

Subscribe to the KEV Catalog Updates