CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
7.8
CVE-2016-0151 - Microsoft Windows CSRSS Security Feature Bypass Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description : The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 28, 2022
Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-0151
10.0
CVE-2013-2465 - Oracle Java SE Unspecified Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Oracle
Description : Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to 2D
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 28, 2022
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-2465
9.3
CVE-2012-2539 - Microsoft Word Remote Code Execution Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description : Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-2539
8.8
CVE-2022-1096 - Google Chromium V8 Type Confusion Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Google
Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-1096
7.8
CVE-2021-38646 - Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description : Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 28, 2022
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-38646
4.7
CVE-2012-0518 - Oracle Fusion Middleware Unspecified Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Oracle
Description : Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via Unknown vectors
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-0518
10.0
CVE-2012-5076 - Oracle Java SE Sandbox Bypass Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Oracle
Description : The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-5076
9.3
CVE-2013-1690 - Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Mozilla
Description : Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execute malicious code via a crafted web site.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-1690
10.0
CVE-2013-2729 - Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Adobe
Description : Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-2729
7.8
CVE-2018-8405 - Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description : An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 28, 2022
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8405
9.8
CVE-2018-1273 - VMware Tanzu Spring Data Commons Property Binder Vulnerability -
Action Due Apr 15, 2022 Target Vendor : VMware Tanzu
Description : Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-1273
10.0
CVE-2021-22941 - Citrix ShareFile Improper Access Control Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Citrix
Description : Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22941
9.3
CVE-2017-0146 - Microsoft Windows SMB Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0146
9.8
CVE-2015-1427 - Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Elastic
Description : The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-1427
9.8
CVE-2022-26318 - WatchGuard Firebox and XTM Appliances Arbitrary Code Execution -
Action Due Apr 15, 2022 Target Vendor : WatchGuard
Description : On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-26318
10.0
CVE-2021-42237 - Sitecore XP Remote Command Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Sitecore
Description : Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42237
9.8
CVE-2019-11043 - PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability -
Action Due Apr 15, 2022 Target Vendor : PHP
Description : In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-11043
9.3
CVE-2019-0903 - Microsoft GDI Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0903
9.3
CVE-2018-8414 - Microsoft Windows Shell Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8414
7.6
CVE-2018-8373 - Microsoft Scripting Engine Memory Corruption Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8373