CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
8.1
CVE-2014-3120 - Elasticsearch Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Elastic
Description :Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-3120
7.5
CVE-2014-0130 - Ruby on Rails Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Rails
Description :Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-0130
9.8
CVE-2012-1823 - PHP-CGI Query String Parameter Vulnerability -
Action Due Apr 15, 2022 Target Vendor : PHP
Description :sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-1823
7.8
CVE-2010-4345 - Exim Privilege Escalation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Exim
Description :Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2010-4345
9.8
CVE-2005-2773 - HP OpenView Network Node Manager Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Hewlett Packard (HP)
Description :HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2005-2773
7.5
CVE-2010-3035 - Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description :Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2010-3035
9.8
CVE-2010-2861 - Adobe ColdFusion Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description :A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 25, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2010-2861
5.9
CVE-2009-2055 - Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description :Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2009-2055
9.8
CVE-2009-1151 - phpMyAdmin Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : phpMyAdmin
Description :Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2009-1151
9.3
CVE-2009-0927 - Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description :Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2009-0927
10.0
CVE-2019-15107 - Webmin Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Webmin
Description :An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-15107
9.0
CVE-2020-1956 - Apache Kylin OS Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Apache
Description :Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-1956
10.0
CVE-2014-6287 - Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Rejetto
Description :The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-6287
7.8
CVE-2022-21999 - Microsoft Windows Print Spooler Privilege Escalation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description :Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Feb 26, 2026
Notes :https://nvd.nist.gov/vuln/detail/CVE-2022-21999
8.8
CVE-2020-9377 - D-Link DIR-610 Devices Remote Command Execution -
Action Due Apr 15, 2022 Target Vendor : D-Link
Description :D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-9377
10.0
CVE-2020-7247 - OpenSMTPD Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : OpenBSD
Description :smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-7247
10.0
CVE-2020-25223 - Sophos SG UTM Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Sophos
Description :A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-25223
9.8
CVE-2020-2506 - QNAP Helpdesk Improper Access Control Vulnerability -
Action Due Apr 15, 2022 Target Vendor : QNAP Systems
Description :QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-2506
8.1
CVE-2019-6340 - Drupal Core Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Drupal
Description :In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-6340
10.0
CVE-2019-16920 - D-Link Multiple Routers Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : D-Link
Description :Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-16920