CISA Known Exploited Vulnerabilities (KEV)

Threat Intelligence

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

8.8

HIGH

CVE-2023-5217 - Google Chromium libvpx Heap Buffer Overflow Vulnerability -

Action Due Oct 23, 2023 Target Vendor : Google

Description :Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html; https://nvd.nist.gov/vuln/detail/CVE-2023-5217

Alert Date: Oct 02, 2023 | 936 days ago

9.8

CRITICAL

CVE-2018-14667 - Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability -

Action Due Oct 19, 2023 Target Vendor : Red Hat

Description :Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667; https://nvd.nist.gov/vuln/detail/CVE-2018-14667

Alert Date: Sep 28, 2023 | 940 days ago

7.8

HIGH

CVE-2023-41992 - Apple Multiple Products Kernel Privilege Escalation Vulnerability -

Action Due Oct 16, 2023 Target Vendor : Apple

Description :Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://support.apple.com/en-us/HT213926, https://support.apple.com/en-us/HT213927, https://support.apple.com/en-us/HT213928, https://support.apple.com/en-us/HT213929, https://support.apple.com/en-us/HT213931, https://support.apple.com/en-us/HT213932; https://nvd.nist.gov/vuln/detail/CVE-2023-41992

Alert Date: Sep 25, 2023 | 943 days ago

8.8

HIGH

CVE-2023-41993 - Apple Multiple Products WebKit Code Execution Vulnerability -

Action Due Oct 16, 2023 Target Vendor : Apple

Description :Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://support.apple.com/en-us/HT213926, https://support.apple.com/en-us/HT213927, https://support.apple.com/en-us/HT213930; https://nvd.nist.gov/vuln/detail/CVE-2023-41993

Alert Date: Sep 25, 2023 | 943 days ago

5.5

MEDIUM

CVE-2023-41991 - Apple Multiple Products Improper Certificate Validation Vulnerability -

Action Due Oct 16, 2023 Target Vendor : Apple

Description :Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Alert Date: Sep 25, 2023 | 943 days ago

7.2

HIGH

CVE-2023-41179 - Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability -

Action Due Oct 12, 2023 Target Vendor : Trend Micro

Description :Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct remote code execution. An attacker must first obtain administrative console access on the target system in order to exploit this vulnerability.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2023-41179

Alert Date: Sep 21, 2023 | 947 days ago

8.8

HIGH

CVE-2023-28434 - MinIO Security Feature Bypass Vulnerability -

Action Due Oct 10, 2023 Target Vendor : MinIO

Description :MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket` to conduct privilege escalation. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c; https://nvd.nist.gov/vuln/detail/CVE-2023-28434

Alert Date: Sep 19, 2023 | 949 days ago

9.0

HIGH

CVE-2017-6884 - Zyxel EMG2926 Routers Command Injection Vulnerability -

Action Due Oct 09, 2023 Target Vendor : Zyxel

Description :Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Known Detected Feb 26, 2026

Notes :https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-emg2926-q10a-ethernet-cpe, https://www.zyxelguard.com/Zyxel-EOL.asp; https://nvd.nist.gov/vuln/detail/CVE-2017-6884

Alert Date: Sep 18, 2023 | 950 days ago

9.8

CRITICAL

CVE-2021-3129 - Laravel Ignition File Upload Vulnerability -

Action Due Oct 09, 2023 Target Vendor : Laravel

Description :Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents().

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Known Detected Sep 18, 2023

Notes :https://github.com/facade/ignition/releases/tag/2.5.2; https://nvd.nist.gov/vuln/detail/CVE-2021-3129

Alert Date: Sep 18, 2023 | 950 days ago

7.8

HIGH

CVE-2022-22265 - Samsung Mobile Devices Use-After-Free Vulnerability -

Action Due Oct 09, 2023 Target Vendor : Samsung

Description :Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1; https://nvd.nist.gov/vuln/detail/CVE-2022-22265

Alert Date: Sep 18, 2023 | 950 days ago

10.0

HIGH

CVE-2014-8361 - Realtek SDK Improper Input Validation Vulnerability -

Action Due Oct 09, 2023 Target Vendor : Realtek

Description :Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://web.archive.org/web/20150831100501/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055; https://nvd.nist.gov/vuln/detail/CVE-2014-8361

Alert Date: Sep 18, 2023 | 950 days ago

7.8

HIGH

CVE-2023-26369 - Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability -

Action Due Oct 05, 2023 Target Vendor : Adobe

Description :Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://helpx.adobe.com/security/products/acrobat/apsb23-34.html; https://nvd.nist.gov/vuln/detail/CVE-2023-26369

Alert Date: Sep 14, 2023 | 954 days ago

9.1

CRITICAL

CVE-2023-20269 - Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability -

Action Due Oct 04, 2023 Target Vendor : Cisco

Description :Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN session with an unauthorized user.

Action :Apply mitigations per vendor instructions for group-lock and vpn-simultaneous-logins or discontinue use of the product for unsupported devices.

Known To Be Used in Ransomware Campaigns? : Known Detected Sep 13, 2023

Notes :https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC; https://nvd.nist.gov/vuln/detail/CVE-2023-20269

Alert Date: Sep 13, 2023 | 955 days ago

8.8

HIGH

CVE-2023-35674 - Android Framework Privilege Escalation Vulnerability -

Action Due Oct 04, 2023 Target Vendor : Android

Description :Android Framework contains an unspecified vulnerability that allows for privilege escalation.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://source.android.com/docs/security/bulletin/2023-09-01; https://nvd.nist.gov/vuln/detail/CVE-2023-35674

Alert Date: Sep 13, 2023 | 955 days ago

8.8

HIGH

CVE-2023-4863 - Google Chromium WebP Heap-Based Buffer Overflow Vulnerability -

Action Due Oct 04, 2023 Target Vendor : Google

Description :Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2023-4863

Alert Date: Sep 13, 2023 | 955 days ago

7.8

HIGH

CVE-2023-36802 - Microsoft Streaming Service Proxy Privilege Escalation Vulnerability -

Action Due Oct 03, 2023 Target Vendor : Microsoft

Description :Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802; https://nvd.nist.gov/vuln/detail/CVE-2023-36802

Alert Date: Sep 12, 2023 | 956 days ago

6.5

MEDIUM

CVE-2023-36761 - Microsoft Word Information Disclosure Vulnerability -

Action Due Oct 03, 2023 Target Vendor : Microsoft

Description :Microsoft Word contains an unspecified vulnerability that allows for information disclosure.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761; https://nvd.nist.gov/vuln/detail/CVE-2023-36761

Alert Date: Sep 12, 2023 | 956 days ago

7.8

HIGH

CVE-2023-41064 - Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability -

Action Due Oct 02, 2023 Target Vendor : Apple

Description :Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://support.apple.com/en-us/HT213905, https://support.apple.com/en-us/HT213906; https://nvd.nist.gov/vuln/detail/CVE-2023-41064

Alert Date: Sep 11, 2023 | 957 days ago

7.8

HIGH

CVE-2023-41061 - Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability -

Action Due Oct 02, 2023 Target Vendor : Apple

Description :Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://support.apple.com/en-us/HT213905, https://support.apple.com/kb/HT213907; https://nvd.nist.gov/vuln/detail/CVE-2023-41061

Alert Date: Sep 11, 2023 | 957 days ago

9.8

CRITICAL

CVE-2023-33246 - Apache RocketMQ Command Execution Vulnerability -

Action Due Sep 27, 2023 Target Vendor : Apache

Description :Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as or achieve the same effect by forging the RocketMQ protocol content.

Action :Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp; https://nvd.nist.gov/vuln/detail/CVE-2023-33246

Alert Date: Sep 06, 2023 | 962 days ago

Showing 20 of 1587 Results

Filters

What are you looking for ?

Date Added

Ransomware

Sort By

Browse by Apps

CISA Known Exploited Vulnerabilities (KEV)

8.8

9.8

7.8

8.8

5.5

7.2

8.8

9.0

9.8

7.8

10.0

7.8

9.1

8.8

8.8

7.8

6.5

7.8

7.8

9.8

Filters

Cookie Preferences