CISA Known Exploited Vulnerabilities (KEV)

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

    7.2 HIGH
    CVE-2021-22600 - Linux Kernel Privilege Escalation Vulnerability

    Action Due : May 02, 2022 | Target Vendor : Linux

    Description : Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22600

    Alert Date: Apr 11, 2022 | 1425 days ago

    9.8 CRITICAL
    CVE-2021-27852 - Checkbox Survey Deserialization of Untrusted Data Vulnerability

    Action Due : May 02, 2022 | Target Vendor : Checkbox

    Description : Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code.

    Action : Versions 6 and earlier for this product are end-of-life and must be removed from agency networks. Versions 7 and later are not considered vulnerable.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27852

    Alert Date: Apr 11, 2022 | 1425 days ago

    8.8 HIGH
    CVE-2021-42287 - Microsoft Active Directory Domain Services Privilege Escalation Vulnerability

    Action Due : May 02, 2022 | Target Vendor : Microsoft

    Description : Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Apr 11, 2022

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42287

    Alert Date: Apr 11, 2022 | 1425 days ago

    9.0 HIGH
    CVE-2022-23176 - WatchGuard Firebox and XTM Privilege Escalation Vulnerability

    Action Due : May 02, 2022 | Target Vendor : WatchGuard

    Description : WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-23176

    Alert Date: Apr 11, 2022 | 1425 days ago

    7.8 HIGH
    CVE-2021-3156 - Sudo Heap-Based Buffer Overflow Vulnerability

    Action Due : Apr 27, 2022 | Target Vendor : Sudo

    Description : Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-3156

    Alert Date: Apr 06, 2022 | 1430 days ago

    9.8 CRITICAL
    CVE-2021-31166 - Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability

    Action Due : Apr 27, 2022 | Target Vendor : Microsoft

    Description : Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-31166

    Alert Date: Apr 06, 2022 | 1430 days ago

    9.3 HIGH
    CVE-2017-0148 - Microsoft SMBv1 Server Remote Code Execution Vulnerability

    Action Due : Apr 27, 2022 | Target Vendor : Microsoft

    Description : The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Apr 06, 2022

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0148

    Alert Date: Apr 06, 2022 | 1430 days ago

    9.3 HIGH
    CVE-2022-22675 - Apple macOS Out-of-Bounds Write Vulnerability

    Action Due : Apr 25, 2022 | Target Vendor : Apple

    Description : macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-22675

    Alert Date: Apr 04, 2022 | 1432 days ago

    10.0 HIGH
    CVE-2021-45382 - D-Link Multiple Routers Remote Code Execution Vulnerability

    Action Due : Apr 25, 2022 | Target Vendor : D-Link

    Description : A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-45382

    Alert Date: Apr 04, 2022 | 1432 days ago

    5.5 MEDIUM
    CVE-2022-22674 - Apple macOS Out-of-Bounds Read Vulnerability

    Action Due : Apr 25, 2022 | Target Vendor : Apple

    Description : macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-22674

    Alert Date: Apr 04, 2022 | 1432 days ago

    9.8 CRITICAL
    CVE-2022-22965 - Spring Framework JDK 9+ Remote Code Execution Vulnerability

    Action Due : Apr 25, 2022 | Target Vendor : VMware

    Description : Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-22965

    Alert Date: Apr 04, 2022 | 1432 days ago

    10.0 CRITICAL
    CVE-2021-28799 - QNAP NAS Improper Authorization Vulnerability

    Action Due : Apr 21, 2022 | Target Vendor : QNAP

    Description : QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Mar 31, 2022

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-28799

    Alert Date: Mar 31, 2022 | 1436 days ago

    9.8 CRITICAL
    CVE-2022-26871 - Trend Micro Apex Central Arbitrary File Upload Vulnerability

    Action Due : Apr 21, 2022 | Target Vendor : Trend Micro

    Description : An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-26871

    Alert Date: Mar 31, 2022 | 1436 days ago

    9.8 CRITICAL
    CVE-2018-10562 - Dasan GPON Routers Command Injection Vulnerability

    Action Due : Apr 21, 2022 | Target Vendor : Dasan

    Description : Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Known Detected Mar 31, 2022

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-10562

    Alert Date: Mar 31, 2022 | 1436 days ago

    9.8 CRITICAL
    CVE-2018-10561 - Dasan GPON Routers Authentication Bypass Vulnerability

    Action Due : Apr 21, 2022 | Target Vendor : Dasan

    Description : Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-10561

    Alert Date: Mar 31, 2022 | 1436 days ago

    9.8 CRITICAL
    CVE-2022-1040 - Sophos Firewall Authentication Bypass Vulnerability

    Action Due : Apr 21, 2022 | Target Vendor : Sophos

    Description : An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-1040

    Alert Date: Mar 31, 2022 | 1436 days ago

    7.8 HIGH
    CVE-2021-34484 - Microsoft Windows User Profile Service Privilege Escalation Vulnerability

    Action Due : Apr 21, 2022 | Target Vendor : Microsoft

    Description : Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-34484

    Alert Date: Mar 31, 2022 | 1436 days ago

    8.8 HIGH
    CVE-2021-21551 - Dell dbutil Driver Insufficient Access Control Vulnerability

    Action Due : Apr 21, 2022 | Target Vendor : Dell

    Description : Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21551

    Alert Date: Mar 31, 2022 | 1436 days ago

    9.3 HIGH
    CVE-2015-1770 - Microsoft Office Uninitialized Memory Use Vulnerability

    Action Due : Apr 18, 2022 | Target Vendor : Microsoft

    Description : Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-1770

    Alert Date: Mar 28, 2022 | 1439 days ago

    9.3 HIGH
    CVE-2015-2419 - Microsoft Internet Explorer Memory Corruption Vulnerability

    Action Due : Apr 18, 2022 | Target Vendor : Microsoft

    Description : JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2419

    Alert Date: Mar 28, 2022 | 1439 days ago
Showing 20 of 1540 Results