CISA Known Exploited Vulnerabilities (KEV)
To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.
Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.
8.1
CVE-2020-6820 - Mozilla Firefox And Thunderbird Use-After-Free Vulnerability -
Action Due May 03, 2022 Target Vendor : Mozilla
Description : Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-6820
8.8
CVE-2019-17026 - Mozilla Firefox And Thunderbird Type Confusion Vulnerability -
Action Due May 03, 2022 Target Vendor : Mozilla
Description : Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-17026
9.0
CVE-2019-15949 - Nagios XI Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Nagios
Description : Nagios XI contains a remote code execution vulnerability in which a user can modify the check_plugin executable and insert malicious commands to execute as root.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-15949
9.8
CVE-2020-26919 - Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability -
Action Due May 03, 2022 Target Vendor : NETGEAR
Description : Netgear JGS516PE devices contain a missing function level access control vulnerability.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-26919
8.5
CVE-2019-19356 - Netis WF2419 Devices Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Netis
Description : Netis WF2419 devices contains an unspecified vulnerability that allows an attacker to perform remote code execution as root through the router's web management page.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-19356
9.8
CVE-2020-2555 - Oracle Multiple Products Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Oracle
Description : Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to takeover the affected system. Impacted Oracle products: Oracle Coherence in Fusion Middleware, Oracle Utilities Framework, Oracle Retail Assortment Planning, Oracle Commerce, Oracle Communications Diameter Signaling Router (DSR).
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-2555
9.1
CVE-2012-3152 - Oracle Fusion Middleware Unspecified Vulnerability -
Action Due May 03, 2022 Target Vendor : Oracle
Description : Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-3152
10.0
CVE-2020-14871 - Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability -
Action Due May 03, 2022 Target Vendor : Oracle
Description : Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-14871
9.8
CVE-2015-4852 - Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability -
Action Due May 03, 2022 Target Vendor : Oracle
Description : Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-4852
9.8
CVE-2020-14750 - Oracle WebLogic Server Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Oracle
Description : Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-14750
9.0
CVE-2020-14883 - Oracle WebLogic Server Unspecified Vulnerability -
Action Due May 03, 2022 Target Vendor : Oracle
Description : Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentilaity, integrity, and availability.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-14883
9.8
CVE-2020-8644 - PlaySMS Server-Side Template Injection Vulnerability -
Action Due May 03, 2022 Target Vendor : PlaySMS
Description : PlaySMS contains a server-side template injection vulnerability that allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8644
9.8
CVE-2019-18935 - Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability -
Action Due May 03, 2022 Target Vendor : Progress
Description : Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-18935
7.2
CVE-2020-8243 - Ivanti Pulse Connect Secure Code Execution Vulnerability -
Action Due Apr 23, 2021 Target Vendor : Ivanti
Description : Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2020-8243
7.2
CVE-2021-22900 - Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability -
Action Due Apr 23, 2021 Target Vendor : Ivanti
Description : Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2021-22900
7.2
CVE-2020-8260 - Ivanti Pulse Connect Secure Code Execution Vulnerability -
Action Due Apr 23, 2021 Target Vendor : Ivanti
Description : Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2020-8260
8.8
CVE-2021-22899 - Ivanti Pulse Connect Secure Command Injection Vulnerability -
Action Due Apr 23, 2021 Target Vendor : Ivanti
Description : Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2021-22899
8.0
CVE-2019-11539 - Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability -
Action Due May 03, 2022 Target Vendor : Ivanti
Description : Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-11539
6.2
CVE-2021-1906 - Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Qualcomm
Description : Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can lead to new GPU address allocation failure.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-1906
8.4
CVE-2021-1905 - Qualcomm Multiple Chipsets Use-After-Free Vulnerability -
Action Due May 03, 2022 Target Vendor : Qualcomm
Description : Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-1905