CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
9.8
CVE-2019-7238 - Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability -
Action Due Jun 10, 2022 Target Vendor : Sonatype
Description :Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-7238
9.0
CVE-2019-0193 - Apache Solr DataImportHandler Code Injection Vulnerability -
Action Due Jun 10, 2022 Target Vendor : Apache
Description :The optional Apache Solr module DataImportHandler contains a code injection vulnerability.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-0193
7.8
CVE-2021-44168 - Fortinet FortiOS Arbitrary File Download -
Action Due Dec 24, 2021 Target Vendor : Fortinet
Description :Fortinet FortiOS "execute restore src-vis" downloads code without integrity checking, allowing an attacker to arbitrarily download files.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-44168
8.1
CVE-2017-17562 - Embedthis GoAhead Remote Code Execution Vulnerability -
Action Due Jun 10, 2022 Target Vendor : Embedthis
Description :Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-17562
9.8
CVE-2017-12149 - Red Hat JBoss Application Server Remote Code Execution Vulnerability -
Action Due Jun 10, 2022 Target Vendor : Red Hat
Description :The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Dec 10, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-12149
10.0
CVE-2021-44228 - Apache Log4j2 Remote Code Execution Vulnerability -
Action Due Dec 24, 2021 Target Vendor : Apache
Description :Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
Action :For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.
Known To Be Used in Ransomware Campaigns? : Known Detected Dec 10, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-44228
7.8
CVE-2020-11261 - Qualcomm Multiple Chipsets Improper Input Validation Vulnerability -
Action Due Jun 01, 2022 Target Vendor : Qualcomm
Description :Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-11261
9.1
CVE-2018-14847 - MikroTik Router OS Directory Traversal Vulnerability -
Action Due Jun 01, 2022 Target Vendor : MikroTik
Description :MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-14847
9.8
CVE-2021-37415 - Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability -
Action Due Dec 15, 2021 Target Vendor : Zoho
Description :Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-37415
9.0
CVE-2021-40438 - Apache HTTP Server-Side Request Forgery (SSRF) -
Action Due Dec 15, 2021 Target Vendor : Apache
Description :A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-40438
9.8
CVE-2021-44077 - Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability -
Action Due Dec 15, 2021 Target Vendor : Zoho
Description :Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-44077
7.8
CVE-2021-42292 - Microsoft Excel Security Feature Bypass -
Action Due Dec 01, 2021 Target Vendor : Microsoft
Description :A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-42292
8.8
CVE-2021-42321 - Microsoft Exchange Server Remote Code Execution Vulnerability -
Action Due Dec 01, 2021 Target Vendor : Microsoft
Description :An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 17, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-42321
7.8
CVE-2021-40449 - Microsoft Windows Win32k Privilege Escalation Vulnerability -
Action Due Dec 01, 2021 Target Vendor : Microsoft
Description :Unspecified vulnerability allows for an authenticated user to escalate privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 17, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-40449
7.8
CVE-2021-22204 - ExifTool Remote Code Execution Vulnerability -
Action Due Dec 01, 2021 Target Vendor : Perl
Description :Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-22204
10.0
CVE-2020-29583 - Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability -
Action Due May 03, 2022 Target Vendor : Zyxel
Description :Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-29583
7.5
CVE-2019-8394 - Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability -
Action Due May 03, 2022 Target Vendor : Zoho
Description :Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-8394
6.1
CVE-2019-9978 - WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability -
Action Due May 03, 2022 Target Vendor : WordPress
Description :WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-9978
10.0
CVE-2020-25213 - WordPress File Manager Plugin Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : WordPress
Description :WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-25213
9.1
CVE-2020-4006 - Multiple VMware Products Command Injection Vulnerability -
Action Due May 03, 2022 Target Vendor : VMware
Description :VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-4006