CISA Known Exploited Vulnerabilities (KEV)
To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.
Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.
8.8
CVE-2021-42287 - Microsoft Active Directory Domain Services Privilege Escalation Vulnerability -
Action Due May 02, 2022 Target Vendor : Microsoft
Description : Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42287
7.5
CVE-2021-42278 - Microsoft Active Directory Domain Services Privilege Escalation Vulnerability -
Action Due May 02, 2022 Target Vendor : Microsoft
Description : Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42278
7.8
CVE-2021-39793 - Google Pixel Out-of-Bounds Write Vulnerability -
Action Due May 02, 2022 Target Vendor : Google
Description : Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-39793
9.8
CVE-2021-27852 - Checkbox Survey Deserialization of Untrusted Data Vulnerability -
Action Due May 02, 2022 Target Vendor : Checkbox
Description : Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code.
Action : Versions 6 and earlier for this product are end-of-life and must be removed from agency networks. Versions 7 and later are not considered vulnerable.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27852
7.2
CVE-2021-22600 - Linux Kernel Privilege Escalation Vulnerability -
Action Due May 02, 2022 Target Vendor : Linux
Description : Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22600
9.8
CVE-2020-2509 - QNAP Network-Attached Storage (NAS) Command Injection Vulnerability -
Action Due May 02, 2022 Target Vendor : QNAP
Description : QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-2509
9.8
CVE-2017-11317 - Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability -
Action Due May 02, 2022 Target Vendor : Telerik
Description : Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-11317
7.8
CVE-2021-3156 - Sudo Heap-Based Buffer Overflow Vulnerability -
Action Due Apr 27, 2022 Target Vendor : Sudo
Description : Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-3156
9.3
CVE-2017-0148 - Microsoft SMBv1 Server Remote Code Execution Vulnerability -
Action Due Apr 27, 2022 Target Vendor : Microsoft
Description : The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0148
9.8
CVE-2021-31166 - Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability -
Action Due Apr 27, 2022 Target Vendor : Microsoft
Description : Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-31166
9.8
CVE-2022-22965 - Spring Framework JDK 9+ Remote Code Execution Vulnerability -
Action Due Apr 25, 2022 Target Vendor : VMware
Description : Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-22965
9.3
CVE-2022-22675 - Apple macOS Out-of-Bounds Write Vulnerability -
Action Due Apr 25, 2022 Target Vendor : Apple
Description : macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-22675
5.5
CVE-2022-22674 - Apple macOS Out-of-Bounds Read Vulnerability -
Action Due Apr 25, 2022 Target Vendor : Apple
Description : macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-22674
10.0
CVE-2021-45382 - D-Link Multiple Routers Remote Code Execution Vulnerability -
Action Due Apr 25, 2022 Target Vendor : D-Link
Description : A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-45382
9.8
CVE-2022-1040 - Sophos Firewall Authentication Bypass Vulnerability -
Action Due Apr 21, 2022 Target Vendor : Sophos
Description : An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-1040
7.8
CVE-2021-34484 - Microsoft Windows User Profile Service Privilege Escalation Vulnerability -
Action Due Apr 21, 2022 Target Vendor : Microsoft
Description : Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-34484
8.8
CVE-2021-21551 - Dell dbutil Driver Insufficient Access Control Vulnerability -
Action Due Apr 21, 2022 Target Vendor : Dell
Description : Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21551
9.8
CVE-2018-10561 - Dasan GPON Routers Authentication Bypass Vulnerability -
Action Due Apr 21, 2022 Target Vendor : Dasan
Description : Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-10561
9.8
CVE-2022-26871 - Trend Micro Apex Central Arbitrary File Upload Vulnerability -
Action Due Apr 21, 2022 Target Vendor : Trend Micro
Description : An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-26871
10.0
CVE-2021-28799 - QNAP NAS Improper Authorization Vulnerability -
Action Due Apr 21, 2022 Target Vendor : QNAP
Description : QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-28799