CISA Known Exploited Vulnerabilities Catalog

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.Y

    9.8

    CVSS31
    CVE-2017-5638 - Apache Struts Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Apache

    Description : Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-5638

    Alert Date: Nov 03, 2021 | 1349 days ago

    8.1

    CVSS31
    CVE-2018-11776 - Apache Struts Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Apache

    Description : Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or wildcard namespace. Or, using URL tag which doesn't have value and action set and in same time, its upper package configuration have no or wildcard namespace.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-11776

    Alert Date: Nov 03, 2021 | 1349 days ago

    8.8

    CVSS31
    CVE-2021-30762 - Apple iOS WebKit Use-After-Free Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Apple

    Description : Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30762

    Alert Date: Nov 03, 2021 | 1349 days ago

    9.8

    CVSS31
    CVE-2021-1871 - Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Apple

    Description : Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-1871

    Alert Date: Nov 03, 2021 | 1349 days ago

    8.8

    CVSS31
    CVE-2021-30661 - Apple Multiple Products WebKit Storage Use-After-Free Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Apple

    Description : Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30661

    Alert Date: Nov 03, 2021 | 1349 days ago

    8.8

    CVSS31
    CVE-2021-30665 - Apple Multiple Products WebKit Memory Corruption Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Apple

    Description : Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30665

    Alert Date: Nov 03, 2021 | 1349 days ago

    8.8

    CVSS31
    CVE-2021-30663 - Apple Multiple Products WebKit Integer Overflow Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Apple

    Description : Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30663

    Alert Date: Nov 03, 2021 | 1349 days ago

    8.8

    CVSS31
    CVE-2021-30761 - Apple iOS WebKit Memory Corruption Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Apple

    Description : Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30761

    Alert Date: Nov 03, 2021 | 1349 days ago

    8.8

    CVSS31
    CVE-2019-3398 - Atlassian Confluence Server and Data Center Path Traversal Vulnerability -

    Action Due May 03, 2022 Target Vendor : Atlassian

    Description : Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-3398

    Alert Date: Nov 03, 2021 | 1349 days ago

    8.8

    CVSS31
    CVE-2020-3118 - Cisco IOS XR Software Discovery Protocol Format String Vulnerability -

    Action Due May 03, 2022 Target Vendor : Cisco

    Description : Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-3118

    Alert Date: Nov 03, 2021 | 1349 days ago

    8.6

    CVSS31
    CVE-2020-3569 - Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability -

    Action Due May 03, 2022 Target Vendor : Cisco

    Description : Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-3569

    Alert Date: Nov 03, 2021 | 1349 days ago

    7.5

    CVSS31
    CVE-2018-15811 - DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability -

    Action Due May 03, 2022 Target Vendor : DotNetNuke (DNN)

    Description : DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-15811

    Alert Date: Nov 03, 2021 | 1349 days ago

    9.8

    CVSS31
    CVE-2018-7600 - Drupal Core Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Drupal

    Description : Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-7600

    Alert Date: Nov 03, 2021 | 1349 days ago

    9.8

    CVSS31
    CVE-2020-8657 - EyesOfNetwork Use of Hard-Coded Credentials Vulnerability -

    Action Due May 03, 2022 Target Vendor : EyesOfNetwork

    Description : EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8657

    Alert Date: Nov 03, 2021 | 1349 days ago

    8.8

    CVSS31
    CVE-2020-16010 - Google Chrome for Android UI Heap Buffer Overflow Vulnerability -

    Action Due May 03, 2022 Target Vendor : Google

    Description : Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-16010

    Alert Date: Nov 03, 2021 | 1349 days ago

    9.6

    CVSS31
    CVE-2020-16013 - Google Chromium V8 Incorrect Implementation Vulnerabililty -

    Action Due May 03, 2022 Target Vendor : Google

    Description : Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-16013

    Alert Date: Nov 03, 2021 | 1349 days ago

    9.6

    CVSS31
    CVE-2021-37973 - Google Chromium Portals Use-After-Free Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-37973

    Alert Date: Nov 03, 2021 | 1349 days ago

    8.8

    CVSS31
    CVE-2021-30563 - Google Chromium V8 Type Confusion Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30563

    Alert Date: Nov 03, 2021 | 1349 days ago

    9.8

    CVSS31
    CVE-2020-4427 - IBM Data Risk Manager Security Bypass Vulnerability -

    Action Due May 03, 2022 Target Vendor : IBM

    Description : IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-4427

    Alert Date: Nov 03, 2021 | 1349 days ago

    5.5

    CVSS31
    CVE-2016-3718 - ImageMagick Server-Side Request Forgery (SSRF) Vulnerability -

    Action Due May 03, 2022 Target Vendor : ImageMagick

    Description : ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-3718

    Alert Date: Nov 03, 2021 | 1349 days ago
Showing 20 of 1382 Results

Filters

© cvefeed.io
Latest DB Update: Jul. 14, 2025 18:22