CISA Known Exploited Vulnerabilities (KEV)

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

10.0

HIGH

CVE-2015-3043 - Adobe Flash Player Memory Corruption Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Adobe

Description :A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.

Action :The impacted product is end-of-life and should be disconnected if still in use.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-3043

Alert Date: Mar 03, 2022 | 1464 days ago

9.3

HIGH

CVE-2013-1347 - Microsoft Internet Explorer Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description :This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2013-1347

Alert Date: Mar 03, 2022 | 1464 days ago

10.0

HIGH

CVE-2013-0632 - Adobe ColdFusion Authentication Bypass Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Adobe

Description :An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2013-0632

Alert Date: Mar 03, 2022 | 1464 days ago

5.4

MEDIUM

CVE-2020-11899 - Treck TCP/IP stack Out-of-Bounds Read Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Treck TCP/IP stack

Description :The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-11899

Alert Date: Mar 03, 2022 | 1464 days ago

10.0

HIGH

CVE-2012-4681 - Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Oracle

Description :The Java Runtime Environment (JRE) component in Oracle Java SE allow for remote code execution.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Feb 26, 2026

Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-4681

Alert Date: Mar 03, 2022 | 1464 days ago

7.8

HIGH

CVE-2015-2387 - Microsoft ATM Font Driver Privilege Escalation Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description :ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-2387

Alert Date: Mar 03, 2022 | 1464 days ago

7.8

HIGH

CVE-2015-1701 - Microsoft Win32k Privilege Escalation Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description :An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Mar 03, 2022

Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-1701

Alert Date: Mar 03, 2022 | 1464 days ago

9.3

HIGH

CVE-2013-3897 - Microsoft Internet Explorer Use-After-Free Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description :A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2013-3897

Alert Date: Mar 03, 2022 | 1464 days ago

10.0

HIGH

CVE-2013-3346 - Adobe Reader and Acrobat Memory Corruption Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Adobe

Description :Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2013-3346

Alert Date: Mar 03, 2022 | 1464 days ago

9.0

HIGH

CVE-2017-6737 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description :The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6737

Alert Date: Mar 03, 2022 | 1464 days ago

7.8

HIGH

CVE-2018-0154 - Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description :A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0154

Alert Date: Mar 03, 2022 | 1464 days ago

10.0

HIGH

CVE-2018-0151 - Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability -

Action Due Mar 17, 2022 Target Vendor : Cisco

Description :A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0151

Alert Date: Mar 03, 2022 | 1464 days ago

9.3

HIGH

CVE-2017-8540 - Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Microsoft

Description :The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability".

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-8540

Alert Date: Mar 03, 2022 | 1464 days ago

9.0

HIGH

CVE-2017-6744 - Cisco IOS Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description :The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6744

Alert Date: Mar 03, 2022 | 1464 days ago

9.0

HIGH

CVE-2017-6739 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description :The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6739

Alert Date: Mar 03, 2022 | 1464 days ago

9.0

HIGH

CVE-2017-6736 - Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description :The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6736

Alert Date: Mar 03, 2022 | 1464 days ago

6.5

MEDIUM

CVE-2017-6663 - Cisco IOS Software and Cisco IOS XE Software Denial-of-Service Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Cisco

Description :A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in denial-of-service (DoS).

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-6663

Alert Date: Mar 03, 2022 | 1464 days ago

10.0

HIGH

CVE-2012-1723 - Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Oracle

Description :Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Hotspot.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Mar 03, 2022

Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-1723

Alert Date: Mar 03, 2022 | 1464 days ago

10.0

HIGH

CVE-2012-0507 - Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Oracle

Description :An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Mar 03, 2022

Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-0507

Alert Date: Mar 03, 2022 | 1464 days ago

10.0

HIGH

CVE-2011-3544 - Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability -

Action Due Mar 24, 2022 Target Vendor : Oracle

Description :An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2011-3544

Alert Date: Mar 03, 2022 | 1464 days ago

Showing 20 of 1540 Results

Filters

What are you looking for ?

Date Added

Ransomware

Sort By

Browse by Apps

CISA Known Exploited Vulnerabilities (KEV)

10.0

9.3

10.0

5.4

10.0

7.8

7.8

9.3

10.0

9.0

7.8

10.0

9.3

9.0

9.0

9.0

6.5

10.0

10.0

10.0

Filters

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable

Cookie Preferences