CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
9.8
CVE-2022-26318 - WatchGuard Firebox and XTM Appliances Arbitrary Code Execution -
Action Due Apr 15, 2022 Target Vendor : WatchGuard
Description :On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-26318
10.0
CVE-2021-42237 - Sitecore XP Remote Command Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Sitecore
Description :Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-42237
9.8
CVE-2019-11043 - PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability -
Action Due Apr 15, 2022 Target Vendor : PHP
Description :In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-11043
9.3
CVE-2019-0903 - Microsoft GDI Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description :A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-0903
9.3
CVE-2018-8414 - Microsoft Windows Shell Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description :A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-8414
7.6
CVE-2018-8373 - Microsoft Scripting Engine Memory Corruption Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description :A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-8373
9.8
CVE-2018-14839 - LG N1A1 NAS Remote Command Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : LG
Description :LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-14839
10.0
CVE-2018-11138 - Quest KACE System Management Appliance Remote Command Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Quest
Description :The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-11138
9.0
CVE-2017-6334 - NETGEAR DGN2200 Devices OS Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : NETGEAR
Description :dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6334
10.0
CVE-2017-3881 - Cisco IOS and IOS XE Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description :A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-3881
8.1
CVE-2017-12617 - Apache Tomcat Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Apache
Description :When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-12617
8.1
CVE-2017-12615 - Apache Tomcat on Windows Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Apache
Description :When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-12615
9.3
CVE-2016-7892 - Adobe Flash Player Use-After-Free Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description :Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-7892
10.0
CVE-2016-4171 - Adobe Flash Player Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description :Unspecified vulnerability in Adobe Flash Player allows for remote code execution.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-4171
10.0
CVE-2015-1187 - D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : D-Link and TRENDnet
Description :The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-1187
9.3
CVE-2014-6332 - Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description :OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-6332
5.4
CVE-2013-5223 - D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability -
Action Due Apr 15, 2022 Target Vendor : D-Link
Description :A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2013-5223
9.8
CVE-2013-2251 - Apache Struts Improper Input Validation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Apache
Description :Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2013-2251
10.0
CVE-2014-6287 - Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Rejetto
Description :The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-6287
8.1
CVE-2014-3120 - Elasticsearch Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Elastic
Description :Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-3120