CISA Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    9.8

    CVSS31
    CVE-2018-11138 - Quest KACE System Management Appliance Remote Command Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Quest

    Description : The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-11138

    Alert Date: Mar 25, 2022 | 1184 days ago

    8.1

    CVSS31
    CVE-2017-12615 - Apache Tomcat on Windows Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Apache

    Description : When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12615

    Alert Date: Mar 25, 2022 | 1184 days ago

    7.5

    CVSS31
    CVE-2016-0752 - Ruby on Rails Directory Traversal Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Rails

    Description : Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-0752

    Alert Date: Mar 25, 2022 | 1184 days ago

    7.8

    CVSS2
    CVE-2015-0666 - Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Cisco

    Description : Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-0666

    Alert Date: Mar 25, 2022 | 1184 days ago

    9.8

    CVSS31
    CVE-2013-4810 - HP Multiple Products Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Hewlett Packard (HP)

    Description : HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-4810

    Alert Date: Mar 25, 2022 | 1184 days ago

    9.8

    CVSS31
    CVE-2005-2773 - HP OpenView Network Node Manager Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Hewlett Packard (HP)

    Description : HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2005-2773

    Alert Date: Mar 25, 2022 | 1184 days ago

    7.8

    CVSS31
    CVE-2019-1405 - Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1405

    Alert Date: Mar 15, 2022 | 1194 days ago

    7.8

    CVSS31
    CVE-2019-1322 - Microsoft Windows Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1322

    Alert Date: Mar 15, 2022 | 1194 days ago

    7.8

    CVSS31
    CVE-2019-1315 - Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1315

    Alert Date: Mar 15, 2022 | 1194 days ago

    7.8

    CVSS31
    CVE-2019-1253 - Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1253

    Alert Date: Mar 15, 2022 | 1194 days ago

    7.8

    CVSS31
    CVE-2019-1132 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1132

    Alert Date: Mar 15, 2022 | 1194 days ago

    7.8

    CVSS31
    CVE-2019-1069 - Microsoft Task Scheduler Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1069

    Alert Date: Mar 15, 2022 | 1194 days ago

    7.8

    CVSS31
    CVE-2019-1064 - Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1064

    Alert Date: Mar 15, 2022 | 1194 days ago

    7.8

    CVSS31
    CVE-2019-0841 - Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0841

    Alert Date: Mar 15, 2022 | 1194 days ago

    7.8

    CVSS31
    CVE-2019-0543 - Microsoft Windows Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0543

    Alert Date: Mar 15, 2022 | 1194 days ago

    7.0

    CVSS31
    CVE-2018-8120 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8120

    Alert Date: Mar 15, 2022 | 1194 days ago

    7.8

    CVSS31
    CVE-2017-0101 - Microsoft Windows Transaction Manager Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0101

    Alert Date: Mar 15, 2022 | 1194 days ago

    7.8

    CVSS31
    CVE-2016-3309 - Microsoft Windows Kernel Privilege Escalation Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-3309

    Alert Date: Mar 15, 2022 | 1194 days ago

    8.2

    CVSS31
    CVE-2015-2546 - Microsoft Win32k Memory Corruption Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : Microsoft

    Description : The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2546

    Alert Date: Mar 15, 2022 | 1194 days ago

    9.8

    CVSS31
    CVE-2020-5135 - SonicWall SonicOS Buffer Overflow Vulnerability -

    Action Due Apr 05, 2022 Target Vendor : SonicWall

    Description : A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-5135

    Alert Date: Mar 15, 2022 | 1194 days ago
Showing 20 of 1370 Results

Filters

© cvefeed.io
Latest DB Update: Jun. 21, 2025 11:47