CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
10.0
CVE-2022-29499 - Mitel MiVoice Connect Data Validation Vulnerability -
Action Due Jul 18, 2022 Target Vendor : Mitel
Description :The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Jun 27, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-29499
9.3
CVE-2021-30983 - Apple iOS and iPadOS Buffer Overflow Vulnerability -
Action Due Jul 18, 2022 Target Vendor : Apple
Description :Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30983
9.3
CVE-2020-3837 - Apple Multiple Products Memory Corruption Vulnerability -
Action Due Jul 18, 2022 Target Vendor : Apple
Description :Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3837
9.3
CVE-2022-30190 - Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability -
Action Due Jul 05, 2022 Target Vendor : Microsoft
Description :A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Feb 26, 2026
Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-30190
9.9
CVE-2021-38163 - SAP NetWeaver Unrestricted File Upload Vulnerability -
Action Due Jun 30, 2022 Target Vendor : SAP
Description :SAP NetWeaver contains a vulnerability that allows unrestricted file upload.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-38163
5.3
CVE-2016-2388 - SAP NetWeaver Information Disclosure Vulnerability -
Action Due Jun 30, 2022 Target Vendor : SAP
Description :The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-2388
9.8
CVE-2016-2386 - SAP NetWeaver SQL Injection Vulnerability -
Action Due Jun 30, 2022 Target Vendor : SAP
Description :SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-2386
8.8
CVE-2006-2492 - Microsoft Word Malformed Object Pointer Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2006-2492
9.3
CVE-2007-5659 - Adobe Acrobat and Reader Buffer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2007-5659
9.3
CVE-2009-1862 - Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Acrobat and Reader and Adobe Flash Player allows remote attackers to execute code or cause denial-of-service (DoS).
Action :For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2009-1862
9.3
CVE-2009-4324 - Adobe Acrobat and Reader Use-After-Free Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2009-4324
9.3
CVE-2010-1297 - Adobe Flash Player Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2010-1297
9.3
CVE-2011-0609 - Adobe Flash Player Unspecified Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2011-0609
10.0
CVE-2011-2462 - Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS).
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2011-2462
9.3
CVE-2012-0151 - Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-0151
9.3
CVE-2012-0754 - Adobe Flash Player Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS).
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-0754
6.1
CVE-2012-0767 - Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-0767
9.3
CVE-2012-1889 - Microsoft XML Core Services Memory Corruption Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-1889
9.3
CVE-2012-4969 - Microsoft Internet Explorer Use-After-Free Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Microsoft
Description :Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-4969
9.3
CVE-2012-5054 - Adobe Flash Player Integer Overflow Vulnerability -
Action Due Jun 22, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-5054