CISA Known Exploited Vulnerabilities Catalog
8.8
CVE-2015-2502 - Microsoft Internet Explorer Memory Corruption Vulnerability -
Action Due May 04, 2022 Target Vendor : Microsoft
Description : Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS).
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2502
9.8
CVE-2015-0313 - Adobe Flash Player Use-After-Free Vulnerability -
Action Due May 04, 2022 Target Vendor : Adobe
Description : Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-0313
9.8
CVE-2015-0311 - Adobe Flash Player Remote Code Execution Vulnerability -
Action Due May 04, 2022 Target Vendor : Adobe
Description : Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-0311
9.8
CVE-2014-9163 - Adobe Flash Player Stack-Based Buffer Overflow Vulnerability -
Action Due May 04, 2022 Target Vendor : Adobe
Description : Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-9163
7.8
CVE-2022-24521 - Microsoft Windows CLFS Driver Privilege Escalation Vulnerability -
Action Due May 04, 2022 Target Vendor : Microsoft
Description : Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-24521
9.8
CVE-2015-5123 - Adobe Flash Player Use-After-Free Vulnerability -
Action Due May 04, 2022 Target Vendor : Adobe
Description : Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS).
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-5123
8.8
CVE-2022-23176 - WatchGuard Firebox and XTM Privilege Escalation Vulnerability -
Action Due May 02, 2022 Target Vendor : WatchGuard
Description : WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-23176
8.8
CVE-2021-42287 - Microsoft Active Directory Domain Services Privilege Escalation Vulnerability -
Action Due May 02, 2022 Target Vendor : Microsoft
Description : Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42287
7.5
CVE-2021-42278 - Microsoft Active Directory Domain Services Privilege Escalation Vulnerability -
Action Due May 02, 2022 Target Vendor : Microsoft
Description : Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42278
7.8
CVE-2021-39793 - Google Pixel Out-of-Bounds Write Vulnerability -
Action Due May 02, 2022 Target Vendor : Google
Description : Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-39793
9.8
CVE-2021-27852 - Checkbox Survey Deserialization of Untrusted Data Vulnerability -
Action Due May 02, 2022 Target Vendor : Checkbox
Description : Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code.
Action : Versions 6 and earlier for this product are end-of-life and must be removed from agency networks. Versions 7 and later are not considered vulnerable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27852
7.0
CVE-2021-22600 - Linux Kernel Privilege Escalation Vulnerability -
Action Due May 02, 2022 Target Vendor : Linux
Description : Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22600
9.8
CVE-2020-2509 - QNAP Network-Attached Storage (NAS) Command Injection Vulnerability -
Action Due May 02, 2022 Target Vendor : QNAP
Description : QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-2509
9.8
CVE-2017-11317 - Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability -
Action Due May 02, 2022 Target Vendor : Telerik
Description : Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-11317
7.8
CVE-2021-3156 - Sudo Heap-Based Buffer Overflow Vulnerability -
Action Due Apr 27, 2022 Target Vendor : Sudo
Description : Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-3156
8.1
CVE-2017-0148 - Microsoft SMBv1 Server Remote Code Execution Vulnerability -
Action Due Apr 27, 2022 Target Vendor : Microsoft
Description : The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0148
9.8
CVE-2021-31166 - Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability -
Action Due Apr 27, 2022 Target Vendor : Microsoft
Description : Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-31166
9.8
CVE-2022-22965 - Spring Framework JDK 9+ Remote Code Execution Vulnerability -
Action Due Apr 25, 2022 Target Vendor : VMware
Description : A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-22965
7.8
CVE-2022-22675 - Apple macOS Out-of-Bounds Write Vulnerability -
Action Due Apr 25, 2022 Target Vendor : Apple
Description : macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-22675
5.5
CVE-2022-22674 - Apple macOS Out-of-Bounds Read Vulnerability -
Action Due Apr 25, 2022 Target Vendor : Apple
Description : macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-22674