CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
7.8
CVE-2021-44168 - Fortinet FortiOS Arbitrary File Download -
Action Due Dec 24, 2021 Target Vendor : Fortinet
Description : Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-44168
8.1
CVE-2017-17562 - Embedthis GoAhead Remote Code Execution Vulnerability -
Action Due Jun 10, 2022 Target Vendor : Embedthis
Description : Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-17562
9.8
CVE-2017-12149 - Red Hat JBoss Application Server Remote Code Execution Vulnerability -
Action Due Jun 10, 2022 Target Vendor : Red Hat
Description : The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Dec 10, 2021
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12149
9.8
CVE-2020-17463 - Fuel CMS SQL Injection Vulnerability -
Action Due Jun 10, 2022 Target Vendor : Fuel CMS
Description : FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-17463
9.1
CVE-2018-14847 - MikroTik Router OS Directory Traversal Vulnerability -
Action Due Jun 01, 2022 Target Vendor : MikroTik
Description : MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-14847
9.8
CVE-2021-44077 - Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability -
Action Due Dec 15, 2021 Target Vendor : Zoho
Description : Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-44077
9.8
CVE-2021-37415 - Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability -
Action Due Dec 15, 2021 Target Vendor : Zoho
Description : Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-37415
9.0
CVE-2021-40438 - Apache HTTP Server-Side Request Forgery (SSRF) -
Action Due Dec 15, 2021 Target Vendor : Apache
Description : A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-40438
7.8
CVE-2020-11261 - Qualcomm Multiple Chipsets Improper Input Validation Vulnerability -
Action Due Jun 01, 2022 Target Vendor : Qualcomm
Description : Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-11261
8.8
CVE-2021-42321 - Microsoft Exchange Server Remote Code Execution Vulnerability -
Action Due Dec 01, 2021 Target Vendor : Microsoft
Description : An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 17, 2021
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42321
7.8
CVE-2021-22204 - ExifTool Remote Code Execution Vulnerability -
Action Due Dec 01, 2021 Target Vendor : Perl
Description : Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22204
7.8
CVE-2021-40449 - Microsoft Windows Win32k Privilege Escalation Vulnerability -
Action Due Dec 01, 2021 Target Vendor : Microsoft
Description : Unspecified vulnerability allows for an authenticated user to escalate privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 17, 2021
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-40449
7.8
CVE-2021-42292 - Microsoft Excel Security Feature Bypass -
Action Due Dec 01, 2021 Target Vendor : Microsoft
Description : A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42292
9.8
CVE-2020-15505 - Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Ivanti
Description : Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-15505
9.8
CVE-2020-7961 - Liferay Portal Deserialization of Untrusted Data Vulnerability -
Action Due May 03, 2022 Target Vendor : Liferay
Description : Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-7961
8.2
CVE-2021-23874 - McAfee Total Protection (MTP) Improper Privilege Management Vulnerability -
Action Due Nov 17, 2021 Target Vendor : McAfee
Description : McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-23874
7.5
CVE-2021-22506 - Micro Focus Access Manager Information Leakage Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Micro Focus
Description : Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22506
7.8
CVE-2021-1647 - Microsoft Defender Remote Code Execution Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Microsoft
Description : Microsoft Defender contains an unspecified vulnerability that allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-1647
7.8
CVE-2019-0863 - Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description : Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0863
7.8
CVE-2021-36955 - Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Microsoft
Description : Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-36955