CISA Known Exploited Vulnerabilities (KEV)

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

    9.3

    HIGH
    CVE-2021-30900 - Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability

    Action Due Apr 20, 2023 Target Vendor : Apple

    Description : Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://support.apple.com/en-us/HT21286, https://support.apple.com/en-us/HT212868, https://support.apple.com/kb/HT212872; https://nvd.nist.gov/vuln/detail/CVE-2021-30900

    Alert Date: Mar 30, 2023 | 1072 days ago

    8.8

    HIGH
    CVE-2022-38181 - Arm Mali GPU Kernel Driver Use-After-Free Vulnerability

    Action Due Apr 20, 2023 Target Vendor : Arm

    Description : Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2022-38181

    Alert Date: Mar 30, 2023 | 1072 days ago

    7.9

    HIGH
    CVE-2023-0266 - Linux Kernel Use-After-Free Vulnerability

    Action Due Apr 20, 2023 Target Vendor : Linux

    Description : Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4; https://nvd.nist.gov/vuln/detail/CVE-2023-0266

    Alert Date: Mar 30, 2023 | 1072 days ago

    8.8

    HIGH
    CVE-2022-3038 - Google Chromium Network Service Use-After-Free Vulnerability

    Action Due Apr 20, 2023 Target Vendor : Google

    Description : Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html; https://nvd.nist.gov/vuln/detail/CVE-2022-3038

    Alert Date: Mar 30, 2023 | 1072 days ago

    9.8

    CRITICAL
    CVE-2022-42948 - Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability

    Action Due Apr 20, 2023 Target Vendor : Fortra

    Description : Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-2/; https://nvd.nist.gov/vuln/detail/CVE-2022-42948

    Alert Date: Mar 30, 2023 | 1072 days ago

    7.8

    HIGH
    CVE-2022-22706 - Arm Mali GPU Kernel Driver Unspecified Vulnerability

    Action Due Apr 20, 2023 Target Vendor : Arm

    Description : Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2022-22706

    Alert Date: Mar 30, 2023 | 1072 days ago

    9.8

    CRITICAL
    CVE-2023-26360 - Adobe ColdFusion Deserialization of Untrusted Data Vulnerability

    Action Due Apr 05, 2023 Target Vendor : Adobe

    Description : Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html; https://nvd.nist.gov/vuln/detail/CVE-2023-26360

    Alert Date: Mar 15, 2023 | 1087 days ago

    7.1

    HIGH
    CVE-2022-41328 - Fortinet FortiOS Path Traversal Vulnerability

    Action Due Apr 04, 2023 Target Vendor : Fortinet

    Description : Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.fortiguard.com/psirt/FG-IR-22-369; https://nvd.nist.gov/vuln/detail/CVE-2022-41328

    Alert Date: Mar 14, 2023 | 1088 days ago

    9.8

    CRITICAL
    CVE-2023-23397 - Microsoft Office Outlook Privilege Escalation Vulnerability

    Action Due Apr 04, 2023 Target Vendor : Microsoft

    Description : Microsoft Office Outlook contains a privilege escalation vulnerability that allows for an NTLM Relay attack against another service to authenticate as the user.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/; https://nvd.nist.gov/vuln/detail/CVE-2023-23397

    Alert Date: Mar 14, 2023 | 1088 days ago

    4.4

    MEDIUM
    CVE-2023-24880 - Microsoft Windows SmartScreen Security Feature Bypass Vulnerability

    Action Due Apr 04, 2023 Target Vendor : Microsoft

    Description : Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Mar 14, 2023

    Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24880; https://nvd.nist.gov/vuln/detail/CVE-2023-24880

    Alert Date: Mar 14, 2023 | 1088 days ago

    8.5

    HIGH
    CVE-2021-39144 - XStream Remote Code Execution Vulnerability

    Action Due Mar 31, 2023 Target Vendor : XStream

    Description : XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command on the server. This vulnerability can affect multiple products, including but not limited to VMware Cloud Foundation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.vmware.com/security/advisories/VMSA-2022-0027.html, https://x-stream.github.io/CVE-2021-39144.html; https://nvd.nist.gov/vuln/detail/CVE-2021-39144

    Alert Date: Mar 10, 2023 | 1092 days ago

    7.2

    HIGH
    CVE-2020-5741 - Plex Media Server Remote Code Execution Vulnerability

    Action Due Mar 31, 2023 Target Vendor : Plex

    Description : Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://forums.plex.tv/t/security-regarding-cve-2020-5741/586819; https://nvd.nist.gov/vuln/detail/CVE-2020-5741

    Alert Date: Mar 10, 2023 | 1092 days ago

    7.1

    HIGH
    CVE-2022-28810 - Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability

    Action Due Mar 28, 2023 Target Vendor : Zoho

    Description : Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28810.html; https://nvd.nist.gov/vuln/detail/CVE-2022-28810

    Alert Date: Mar 07, 2023 | 1095 days ago

    8.8

    HIGH
    CVE-2022-33891 - Apache Spark Command Injection Vulnerability

    Action Due Mar 28, 2023 Target Vendor : Apache

    Description : Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc; https://nvd.nist.gov/vuln/detail/CVE-2022-33891

    Alert Date: Mar 07, 2023 | 1095 days ago

    9.8

    CRITICAL
    CVE-2022-35914 - Teclib GLPI Remote Code Execution Vulnerability

    Action Due Mar 28, 2023 Target Vendor : Teclib

    Description : Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://glpi-project.org/fr/glpi-10-0-3-disponible/, http://www.bioinformatics.org/phplabware/sourceer/sourceer.php?&Sfs=htmLawedTest.php&Sl=.%2Finternal_utilities%2FhtmLawed.; https://nvd.nist.gov/vuln/detail/CVE-2022-35914

    Alert Date: Mar 07, 2023 | 1095 days ago

    7.5

    HIGH
    CVE-2022-36537 - ZK Framework AuUploader Unspecified Vulnerability

    Action Due Mar 20, 2023 Target Vendor : ZK Framework

    Description : ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Feb 27, 2023

    Notes : https://tracker.zkoss.org/browse/ZK-5150; https://nvd.nist.gov/vuln/detail/CVE-2022-36537

    Alert Date: Feb 27, 2023 | 1103 days ago

    6.8

    MEDIUM
    CVE-2022-41223 - Mitel MiVoice Connect Code Injection Vulnerability

    Action Due Mar 14, 2023 Target Vendor : Mitel

    Description : The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Feb 21, 2023

    Notes : https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008; https://nvd.nist.gov/vuln/detail/CVE-2022-41223

    Alert Date: Feb 21, 2023 | 1109 days ago

    9.8

    CRITICAL
    CVE-2022-47986 - IBM Aspera Faspex Code Execution Vulnerability

    Action Due Mar 14, 2023 Target Vendor : IBM

    Description : IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Feb 21, 2023

    Notes : https://exchange.xforce.ibmcloud.com/vulnerabilities/243512?_ga=2.189195179.1800390251.1676559338-700333034.1676325890; https://nvd.nist.gov/vuln/detail/CVE-2022-47986

    Alert Date: Feb 21, 2023 | 1109 days ago

    6.8

    MEDIUM
    CVE-2022-40765 - Mitel MiVoice Connect Command Injection Vulnerability

    Action Due Mar 14, 2023 Target Vendor : Mitel

    Description : The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Feb 21, 2023

    Notes : https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0007; https://nvd.nist.gov/vuln/detail/CVE-2022-40765

    Alert Date: Feb 21, 2023 | 1109 days ago

    9.8

    CRITICAL
    CVE-2022-46169 - Cacti Command Injection Vulnerability

    Action Due Mar 09, 2023 Target Vendor : Cacti

    Description : Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf; https://nvd.nist.gov/vuln/detail/CVE-2022-46169

    Alert Date: Feb 16, 2023 | 1114 days ago
Showing 20 of 1540 Results
