CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
9.8
CVE-2022-26143 - MiCollab, MiVoice Business Express Access Control Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Mitel
Description :A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-26143
7.8
CVE-2022-21999 - Microsoft Windows Print Spooler Privilege Escalation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description :Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Feb 26, 2026
Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-21999
10.0
CVE-2021-42237 - Sitecore XP Remote Command Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Sitecore
Description :Sitecore XP contains an insecure deserialization vulnerability which can allow for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-42237
10.0
CVE-2021-22941 - Citrix ShareFile Improper Access Control Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Citrix
Description :Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-22941
8.8
CVE-2020-9377 - D-Link DIR-610 Devices Remote Command Execution -
Action Due Apr 15, 2022 Target Vendor : D-Link
Description :D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-9377
10.0
CVE-2020-9054 - Zyxel Multiple NAS Devices OS Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Zyxel
Description :Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-9054
10.0
CVE-2020-7247 - OpenSMTPD Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : OpenBSD
Description :smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-7247
7.5
CVE-2020-5410 - VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : VMware Tanzu
Description :Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-5410
10.0
CVE-2020-25223 - Sophos SG UTM Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Sophos
Description :A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-25223
10.0
CVE-2020-2021 - Palo Alto Networks PAN-OS Authentication Bypass Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Palo Alto Networks
Description :Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-2021
9.0
CVE-2020-1956 - Apache Kylin OS Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Apache
Description :Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-1956
9.8
CVE-2020-1631 - Juniper Junos OS Path Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Juniper
Description :A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-1631
8.1
CVE-2019-6340 - Drupal Core Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Drupal
Description :In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-6340
7.2
CVE-2019-2616 - Oracle BI Publisher Unauthorized Access Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Oracle
Description :Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for authentication bypass.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-2616
10.0
CVE-2019-16920 - D-Link Multiple Routers Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : D-Link
Description :Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-16920
10.0
CVE-2019-15107 - Webmin Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Webmin
Description :An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-15107
9.0
CVE-2019-12991 - Citrix SD-WAN and NetScaler Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Citrix
Description :Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-12991
9.8
CVE-2019-12989 - Citrix SD-WAN and NetScaler SQL Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Citrix
Description :Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-12989
9.8
CVE-2019-11043 - PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability -
Action Due Apr 15, 2022 Target Vendor : PHP
Description :In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-11043
9.8
CVE-2019-10068 - Kentico Xperience Deserialization of Untrusted Data Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Kentico
Description :Kentico contains a failure to validate security headers. This deserialization can lead to unauthenticated remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-10068