CISA Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    9.8

    CVSS31
    CVE-2018-10562 - Dasan GPON Routers Command Injection Vulnerability -

    Action Due Apr 21, 2022 Target Vendor : Dasan

    Description : Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-10562

    Alert Date: Mar 31, 2022 | 1202 days ago

    10.0

    CVSS31
    CVE-2022-0543 - Debian-specific Redis Server Lua Sandbox Escape Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Redis

    Description : Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-0543

    Alert Date: Mar 28, 2022 | 1205 days ago

    7.8

    CVSS31
    CVE-2021-38646 - Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-38646

    Alert Date: Mar 28, 2022 | 1205 days ago

    7.8

    CVSS31
    CVE-2021-34486 - Microsoft Windows Event Tracing Privilege Escalation Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-34486

    Alert Date: Mar 28, 2022 | 1205 days ago

    9.8

    CVSS31
    CVE-2021-20028 - SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : SonicWall

    Description : SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-20028

    Alert Date: Mar 28, 2022 | 1205 days ago

    7.5

    CVSS31
    CVE-2019-7483 - SonicWall SMA100 Directory Traversal Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : SonicWall

    Description : In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-7483

    Alert Date: Mar 28, 2022 | 1205 days ago

    7.8

    CVSS31
    CVE-2018-8440 - Microsoft Windows Privilege Escalation Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8440

    Alert Date: Mar 28, 2022 | 1205 days ago

    7.8

    CVSS31
    CVE-2018-8406 - Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8406

    Alert Date: Mar 28, 2022 | 1205 days ago

    7.8

    CVSS31
    CVE-2018-8405 - Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8405

    Alert Date: Mar 28, 2022 | 1205 days ago

    7.3

    CVSS31
    CVE-2017-0213 - Microsoft Windows Privilege Escalation Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0213

    Alert Date: Mar 28, 2022 | 1205 days ago

    4.3

    CVSS31
    CVE-2017-0059 - Microsoft Internet Explorer Information Disclosure Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0059

    Alert Date: Mar 28, 2022 | 1205 days ago

    8.1

    CVSS31
    CVE-2017-0037 - Microsoft Edge and Internet Explorer Type Confusion Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0037

    Alert Date: Mar 28, 2022 | 1205 days ago

    8.8

    CVSS31
    CVE-2016-7200 - Microsoft Edge Memory Corruption Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-7200

    Alert Date: Mar 28, 2022 | 1205 days ago

    7.5

    CVSS31
    CVE-2016-0189 - Microsoft Internet Explorer Memory Corruption Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : The Microsoft JScript nd VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-0189

    Alert Date: Mar 28, 2022 | 1205 days ago

    7.8

    CVSS31
    CVE-2016-0151 - Microsoft Windows CSRSS Security Feature Bypass Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-0151

    Alert Date: Mar 28, 2022 | 1205 days ago

    7.8

    CVSS31
    CVE-2016-0040 - Microsoft Windows Kernel Privilege Escalation Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : The kernel in Microsoft Windows allows local users to gain privileges via a crafted application.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-0040

    Alert Date: Mar 28, 2022 | 1205 days ago

    8.8

    CVSS31
    CVE-2015-2426 - Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2426

    Alert Date: Mar 28, 2022 | 1205 days ago

    8.8

    CVSS31
    CVE-2015-2419 - Microsoft Internet Explorer Memory Corruption Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2419

    Alert Date: Mar 28, 2022 | 1205 days ago

    8.8

    CVSS31
    CVE-2015-1770 - Microsoft Office Uninitialized Memory Use Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Microsoft

    Description : Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-1770

    Alert Date: Mar 28, 2022 | 1205 days ago

    9.8

    CVSS31
    CVE-2013-2729 - Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability -

    Action Due Apr 18, 2022 Target Vendor : Adobe

    Description : Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-2729

    Alert Date: Mar 28, 2022 | 1205 days ago
Showing 20 of 1383 Results

Filters

© cvefeed.io
Latest DB Update: Jul. 15, 2025 22:32