CISA Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    9.8

    CVSS31
    CVE-2020-7247 - OpenSMTPD Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : OpenBSD

    Description : smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-7247

    Alert Date: Mar 25, 2022 | 1208 days ago

    7.5

    CVSS31
    CVE-2020-5410 - VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : VMware Tanzu

    Description : Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-5410

    Alert Date: Mar 25, 2022 | 1208 days ago

    9.8

    CVSS31
    CVE-2020-25223 - Sophos SG UTM Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Sophos

    Description : A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-25223

    Alert Date: Mar 25, 2022 | 1208 days ago

    9.8

    CVSS31
    CVE-2020-2506 - QNAP Helpdesk Improper Access Control Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : QNAP Systems

    Description : QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-2506

    Alert Date: Mar 25, 2022 | 1208 days ago

    8.1

    CVSS31
    CVE-2019-6340 - Drupal Core Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Drupal

    Description : In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-6340

    Alert Date: Mar 25, 2022 | 1208 days ago

    9.8

    CVSS31
    CVE-2019-16920 - D-Link Multiple Routers Command Injection Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : D-Link

    Description : Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-16920

    Alert Date: Mar 25, 2022 | 1208 days ago

    9.8

    CVSS31
    CVE-2019-15107 - Webmin Command Injection Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Webmin

    Description : An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-15107

    Alert Date: Mar 25, 2022 | 1208 days ago

    8.8

    CVSS31
    CVE-2019-12991 - Citrix SD-WAN and NetScaler Command Injection Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Citrix

    Description : Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-12991

    Alert Date: Mar 25, 2022 | 1208 days ago

    9.8

    CVSS31
    CVE-2019-12989 - Citrix SD-WAN and NetScaler SQL Injection Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Citrix

    Description : Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-12989

    Alert Date: Mar 25, 2022 | 1208 days ago

    9.8

    CVSS31
    CVE-2019-10068 - Kentico Xperience Deserialization of Untrusted Data Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Kentico

    Description : Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-10068

    Alert Date: Mar 25, 2022 | 1208 days ago

    9.9

    CVSS31
    CVE-2019-1003030 - Jenkins Matrix Project Plugin Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Jenkins

    Description : Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1003030

    Alert Date: Mar 25, 2022 | 1208 days ago

    8.8

    CVSS31
    CVE-2019-0903 - Microsoft GDI Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Microsoft

    Description : A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0903

    Alert Date: Mar 25, 2022 | 1208 days ago

    8.8

    CVSS31
    CVE-2018-8414 - Microsoft Windows Shell Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Microsoft

    Description : A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8414

    Alert Date: Mar 25, 2022 | 1208 days ago

    7.5

    CVSS31
    CVE-2018-8373 - Microsoft Scripting Engine Memory Corruption Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Microsoft

    Description : A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8373

    Alert Date: Mar 25, 2022 | 1208 days ago

    8.1

    CVSS31
    CVE-2018-6961 - VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : VMware

    Description : VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-6961

    Alert Date: Mar 25, 2022 | 1208 days ago

    9.8

    CVSS31
    CVE-2018-14839 - LG N1A1 NAS Remote Command Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : LG

    Description : LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-14839

    Alert Date: Mar 25, 2022 | 1208 days ago

    9.8

    CVSS31
    CVE-2018-1273 - VMware Tanzu Spring Data Commons Property Binder Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : VMware Tanzu

    Description : Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-1273

    Alert Date: Mar 25, 2022 | 1208 days ago

    9.8

    CVSS31
    CVE-2018-0147 - Cisco Secure Access Control System Java Deserialization Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Cisco

    Description : A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0147

    Alert Date: Mar 25, 2022 | 1208 days ago

    9.8

    CVSS31
    CVE-2018-0125 - Cisco VPN Routers Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Cisco

    Description : A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-0125

    Alert Date: Mar 25, 2022 | 1208 days ago

    8.8

    CVSS31
    CVE-2017-6334 - NETGEAR DGN2200 Devices OS Command Injection Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : NETGEAR

    Description : dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6334

    Alert Date: Mar 25, 2022 | 1208 days ago
Showing 20 of 1383 Results

Filters

© cvefeed.io
Latest DB Update: Jul. 15, 2025 22:33