CISA Known Exploited Vulnerabilities Catalog
8.8
CVE-2014-6332 - Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : OleAut32.dll in OLE in Microsoft Windows allows remote attackers to execute code via a crafted web site.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-6332
8.8
CVE-2014-6324 - Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-6324
9.8
CVE-2014-6287 - Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Rejetto
Description : The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-6287
8.1
CVE-2014-3120 - Elasticsearch Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Elastic
Description : Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-3120
7.5
CVE-2014-0130 - Ruby on Rails Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Rails
Description : Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-0130
5.4
CVE-2013-5223 - D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability -
Action Due Apr 15, 2022 Target Vendor : D-Link
Description : A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-5223
9.8
CVE-2013-2251 - Apache Struts Improper Input Validation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Apache
Description : Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-2251
9.8
CVE-2012-1823 - PHP-CGI Query String Parameter Vulnerability -
Action Due Apr 15, 2022 Target Vendor : PHP
Description : sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-1823
7.8
CVE-2010-4345 - Exim Privilege Escalation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Exim
Description : Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-4345
9.8
CVE-2010-4344 - Exim Heap-Based Buffer Overflow Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Exim
Description : Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-4344
7.5
CVE-2010-3035 - Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description : Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-3035
9.8
CVE-2010-2861 - Adobe ColdFusion Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description : A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-2861
4.3
CVE-2009-2055 - Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description : Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-2055
9.8
CVE-2009-1151 - phpMyAdmin Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : phpMyAdmin
Description : The setup script used to generate the configuration can be fooled, using a crafted POST request, into including arbitrary PHP code in the generated configuration file.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-1151
8.8
CVE-2009-0927 - Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description : Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-0927
9.8
CVE-2022-26318 - WatchGuard Firebox and XTM Appliances Arbitrary Code Execution -
Action Due Apr 15, 2022 Target Vendor : WatchGuard
Description : On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-26318
9.8
CVE-2020-9054 - Zyxel Multiple NAS Devices OS Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Zyxel
Description : Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-9054
9.8
CVE-2020-1631 - Juniper Junos OS Path Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Juniper
Description : A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-1631
7.2
CVE-2019-2616 - Oracle BI Publisher Unauthorized Access Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Oracle
Description : Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for authentication bypass.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-2616
9.8
CVE-2019-11043 - PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability -
Action Due Apr 15, 2022 Target Vendor : PHP
Description : In some versions of PHP, in certain configurations of the FPM setup, it is possible to cause the FPM module to write past allocated buffers, allowing the possibility of remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-11043