CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
7.8
CVE-2016-0099 - Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description :A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 03, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-0099
9.3
CVE-2015-7645 - Adobe Flash Player Arbitrary Code Execution Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Adobe
Description :Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Known Detected Feb 26, 2026
Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-7645
10.0
CVE-2015-5119 - Adobe Flash Player Use-After-Free Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Adobe
Description :A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-5119
5.3
CVE-2015-4902 - Oracle Java SE Integrity Check Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Oracle
Description :Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via Unknown vectors related to deployment.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-4902
10.0
CVE-2015-3043 - Adobe Flash Player Memory Corruption Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Adobe
Description :A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-3043
10.0
CVE-2015-2590 - Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Oracle
Description :An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-2590
9.3
CVE-2015-2545 - Microsoft Office Malformed EPS File Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description :Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-2545
9.3
CVE-2015-2424 - Microsoft PowerPoint Memory Corruption Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description :Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2015-2424
9.3
CVE-2014-4114 - Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description :A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-4114
7.8
CVE-2013-5065 - Microsoft Windows Kernel Privilege Escalation Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description :Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2013-5065
9.3
CVE-2013-3897 - Microsoft Internet Explorer Use-After-Free Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description :A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2013-3897
10.0
CVE-2013-3346 - Adobe Reader and Acrobat Memory Corruption Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Adobe
Description :Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2013-3346
6.5
CVE-2013-1675 - Mozilla Firefox Information Disclosure Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Mozilla
Description :Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2013-1675
9.3
CVE-2013-1347 - Microsoft Internet Explorer Remote Code Execution Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description :This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2013-1347
10.0
CVE-2012-4681 - Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Oracle
Description :The Java Runtime Environment (JRE) component in Oracle Java SE allow for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Feb 26, 2026
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-4681
9.3
CVE-2012-1856 - Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description :The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-1856
10.0
CVE-2012-0507 - Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Oracle
Description :An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Mar 03, 2022
Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-0507
10.0
CVE-2011-3544 - Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Oracle
Description :An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2011-3544
10.0
CVE-2011-1889 - Microsoft Forefront TMG Remote Code Execution Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description :A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2011-1889
9.3
CVE-2011-0611 - Adobe Flash Player Remote Code Execution Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Adobe
Description :Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.
Action :The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2011-0611