CISA Known Exploited Vulnerabilities (KEV)

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

    9.0

    HIGH
    CVE-2021-25296 - Nagios XI OS Command Injection -

    Action Due Feb 01, 2022 Target Vendor : Nagios

    Description : Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-25296

    Alert Date: Jan 18, 2022 | 1507 days ago

    9.0

    HIGH
    CVE-2021-25297 - Nagios XI OS Command Injection -

    Action Due Feb 01, 2022 Target Vendor : Nagios

    Description : Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-25297

    Alert Date: Jan 18, 2022 | 1507 days ago

    9.0

    HIGH
    CVE-2021-25298 - Nagios XI OS Command Injection -

    Action Due Feb 01, 2022 Target Vendor : Nagios

    Description : Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-25298

    Alert Date: Jan 18, 2022 | 1507 days ago

    7.5

    HIGH
    CVE-2021-21975 - VMware Server Side Request Forgery in vRealize Operations Manager API -

    Action Due Feb 01, 2022 Target Vendor : VMware

    Description : Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform an SSRF attack to steal administrative credentials.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Jan 18, 2022

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21975

    Alert Date: Jan 18, 2022 | 1507 days ago

    7.8

    HIGH
    CVE-2020-14864 - Oracle Business Intelligence Enterprise Edition Path Transversal -

    Action Due Jul 18, 2022 Target Vendor : Oracle

    Description : Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to an arbitrary system file.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-14864

    Alert Date: Jan 18, 2022 | 1507 days ago

    9.8

    CRITICAL
    CVE-2021-22991 - F5 BIG-IP Traffic Management Microkernel Buffer Overflow -

    Action Due Feb 01, 2022 Target Vendor : F5

    Description : The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypass of URL-based access controls.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22991

    Alert Date: Jan 18, 2022 | 1507 days ago

    7.5

    HIGH
    CVE-2021-33766 - Microsoft Exchange Server Information Disclosure -

    Action Due Feb 01, 2022 Target Vendor : Microsoft

    Description : Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from the target.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-33766

    Alert Date: Jan 18, 2022 | 1507 days ago

    9.8

    CRITICAL
    CVE-2020-13927 - Apache Airflow's Experimental API Authentication Bypass -

    Action Due Jul 18, 2022 Target Vendor : Apache

    Description : The previous default setting for Airflow's Experimental API was to allow all API requests without authentication.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-13927

    Alert Date: Jan 18, 2022 | 1507 days ago

    8.8

    HIGH
    CVE-2020-11978 - Apache Airflow Command Injection -

    Action Due Jul 18, 2022 Target Vendor : Apache

    Description : A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-11978

    Alert Date: Jan 18, 2022 | 1507 days ago

    10.0

    CRITICAL
    CVE-2019-7609 - Kibana Arbitrary Code Execution -

    Action Due Jul 10, 2022 Target Vendor : Elastic

    Description : Kibana contains an arbitrary code execution flaw in the Timelion visualizer.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-7609

    Alert Date: Jan 10, 2022 | 1515 days ago

    9.8

    CRITICAL
    CVE-2021-27860 - FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit -

    Action Due Jan 24, 2022 Target Vendor : FatPipe

    Description : A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27860

    Alert Date: Jan 10, 2022 | 1515 days ago

    8.1

    HIGH
    CVE-2019-1579 - Palo Alto Networks PAN-OS Remote Code Execution Vulnerability -

    Action Due Jul 10, 2022 Target Vendor : Palo Alto Networks

    Description : Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Jan 10, 2022

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1579

    Alert Date: Jan 10, 2022 | 1515 days ago

    10.0

    HIGH
    CVE-2019-10149 - Exim Mail Transfer Agent (MTA) Improper Input Validation -

    Action Due Jul 10, 2022 Target Vendor : Exim

    Description : Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-10149

    Alert Date: Jan 10, 2022 | 1515 days ago

    10.0

    HIGH
    CVE-2015-7450 - IBM WebSphere Application Server and Server Hypervisor Edition Code Injection -

    Action Due Jul 10, 2022 Target Vendor : IBM

    Description : Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-7450

    Alert Date: Jan 10, 2022 | 1515 days ago

    5.3

    MEDIUM
    CVE-2021-22017 - VMware vCenter Server Improper Access Control -

    Action Due Jan 24, 2022 Target Vendor : VMware

    Description : Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22017

    Alert Date: Jan 10, 2022 | 1515 days ago

    9.8

    CRITICAL
    CVE-2021-36260 - Hikvision Improper Input Validation -

    Action Due Jan 24, 2022 Target Vendor : Hikvision

    Description : A command injection vulnerability in the web server of some Hikvision products, due to insufficient input validation.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-36260

    Alert Date: Jan 10, 2022 | 1515 days ago

    9.3

    HIGH
    CVE-2020-6572 - Google Chrome Media Use-After-Free Vulnerability -

    Action Due Jul 10, 2022 Target Vendor : Google

    Description : Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-6572

    Alert Date: Jan 10, 2022 | 1515 days ago

    8.8

    HIGH
    CVE-2013-3900 - Microsoft WinVerifyTrust function Remote Code Execution -

    Action Due Jul 10, 2022 Target Vendor : Microsoft

    Description : A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-3900

    Alert Date: Jan 10, 2022 | 1515 days ago

    7.8

    HIGH
    CVE-2019-1458 - Microsoft Win32k Privilege Escalation Vulnerability -

    Action Due Jul 10, 2022 Target Vendor : Microsoft

    Description : A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP'.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Jan 10, 2022

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1458

    Alert Date: Jan 10, 2022 | 1515 days ago

    9.8

    CRITICAL
    CVE-2019-2725 - Oracle WebLogic Server, Injection -

    Action Due Jul 10, 2022 Target Vendor : Oracle

    Description : Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services).

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Jan 10, 2022

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-2725

    Alert Date: Jan 10, 2022 | 1515 days ago
Showing 20 of 1535 Results