CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
9.8
CVE-2012-1823 - PHP-CGI Query String Parameter Vulnerability -
Action Due Apr 15, 2022 Target Vendor : PHP
Description : sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-1823
7.8
CVE-2010-4345 - Exim Privilege Escalation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Exim
Description : Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-4345
7.5
CVE-2010-3035 - Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description : Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-3035
9.8
CVE-2010-2861 - Adobe ColdFusion Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description : A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-2861
5.9
CVE-2009-2055 - Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description : Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-2055
9.8
CVE-2009-1151 - phpMyAdmin Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : phpMyAdmin
Description : Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-1151
9.3
CVE-2009-0927 - Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description : Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-0927
9.8
CVE-2005-2773 - HP OpenView Network Node Manager Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Hewlett Packard (HP)
Description : HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2005-2773
10.0
CVE-2019-15107 - Webmin Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Webmin
Description : An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-15107
9.0
CVE-2020-1956 - Apache Kylin OS Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Apache
Description : Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-1956
9.8
CVE-2022-26143 - MiCollab, MiVoice Business Express Access Control Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Mitel
Description : A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-26143
7.8
CVE-2022-21999 - Microsoft Windows Print Spooler Privilege Escalation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Feb 26, 2026
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-21999
8.8
CVE-2020-9377 - D-Link DIR-610 Devices Remote Command Execution -
Action Due Apr 15, 2022 Target Vendor : D-Link
Description : D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-9377
10.0
CVE-2020-7247 - OpenSMTPD Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : OpenBSD
Description : smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-7247
7.5
CVE-2020-5410 - VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : VMware Tanzu
Description : Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-5410
10.0
CVE-2020-25223 - Sophos SG UTM Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Sophos
Description : A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-25223
9.8
CVE-2020-2506 - QNAP Helpdesk Improper Access Control Vulnerability -
Action Due Apr 15, 2022 Target Vendor : QNAP Systems
Description : QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-2506
8.1
CVE-2019-6340 - Drupal Core Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Drupal
Description : In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-6340
10.0
CVE-2019-16920 - D-Link Multiple Routers Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : D-Link
Description : Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-16920
9.0
CVE-2019-12991 - Citrix SD-WAN and NetScaler Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Citrix
Description : Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-12991