CISA Known Exploited Vulnerabilities (KEV)

  1. Home
  2. CISA KEV

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

    10.0

    HIGH
    CVE-2020-5847 - Unraid Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Unraid

    Description :Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-5847

    Alert Date: Nov 03, 2021 | 1585 days ago

    7.8

    HIGH
    CVE-2020-9859 - Apple Multiple Products Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Apple

    Description :Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-9859

    Alert Date: Nov 03, 2021 | 1585 days ago

    10.0

    HIGH
    CVE-2020-3992 - VMware ESXi OpenSLP Use-After-Free Vulnerability -

    Action Due May 03, 2022 Target Vendor : VMware

    Description :VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3992

    Alert Date: Nov 03, 2021 | 1585 days ago

    7.8

    HIGH
    CVE-2020-3950 - VMware Multiple Products Privilege Escalation Vulnerability -

    Action Due May 03, 2022 Target Vendor : VMware

    Description :VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3950

    Alert Date: Nov 03, 2021 | 1585 days ago

    9.8

    CRITICAL
    CVE-2021-40539 - Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Zoho

    Description :Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-40539

    Alert Date: Nov 03, 2021 | 1585 days ago

    9.8

    CRITICAL
    CVE-2021-20090 - Arcadyan Buffalo Firmware Path Traversal Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Arcadyan

    Description :Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers across several different vendors.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-20090

    Alert Date: Nov 03, 2021 | 1585 days ago

    10.0

    HIGH
    CVE-2020-10189 - Zoho ManageEngine Desktop Central File Upload Vulnerability -

    Action Due May 03, 2022 Target Vendor : Zoho

    Description :Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-10189

    Alert Date: Nov 03, 2021 | 1585 days ago

    7.5

    HIGH
    CVE-2019-8394 - Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability -

    Action Due May 03, 2022 Target Vendor : Zoho

    Description :Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-8394

    Alert Date: Nov 03, 2021 | 1585 days ago

    5.5

    MEDIUM
    CVE-2021-27562 - Arm Trusted Firmware Out-of-Bounds Write Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Arm

    Description :Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment (NSPE) handler mode. This vulnerability affects Yealink Device Management servers.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-27562

    Alert Date: Nov 03, 2021 | 1585 days ago

    9.8

    CRITICAL
    CVE-2021-26084 - Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Atlassian

    Description :Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-26084

    Alert Date: Nov 03, 2021 | 1585 days ago

    9.8

    CRITICAL
    CVE-2019-11580 - Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Atlassian

    Description :Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Feb 26, 2026

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-11580

    Alert Date: Nov 03, 2021 | 1585 days ago

    10.0

    HIGH
    CVE-2019-3396 - Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability -

    Action Due May 03, 2022 Target Vendor : Atlassian

    Description :Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-3396

    Alert Date: Nov 03, 2021 | 1585 days ago

    9.8

    CRITICAL
    CVE-2021-42258 - BQE BillQuick Web Suite SQL Injection Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : BQE

    Description :BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-42258

    Alert Date: Nov 03, 2021 | 1585 days ago

    6.1

    MEDIUM
    CVE-2020-3580 - Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability -

    Action Due May 03, 2022 Target Vendor : Cisco

    Description :Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful exploitation could allow an attacker to perform cross-site scripting (XSS) in the context of the interface or access sensitive browser-based information.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3580

    Alert Date: Nov 03, 2021 | 1585 days ago

    10.0

    HIGH
    CVE-2021-1497 - Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Cisco

    Description :Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-1497

    Alert Date: Nov 03, 2021 | 1585 days ago

    8.6

    HIGH
    CVE-2020-3566 - Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability -

    Action Due May 03, 2022 Target Vendor : Cisco

    Description :Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3566

    Alert Date: Nov 03, 2021 | 1585 days ago

    8.6

    HIGH
    CVE-2020-3569 - Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability -

    Action Due May 03, 2022 Target Vendor : Cisco

    Description :Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3569

    Alert Date: Nov 03, 2021 | 1585 days ago

    10.0

    HIGH
    CVE-2020-3161 - Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability -

    Action Due May 03, 2022 Target Vendor : Cisco

    Description :Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3161

    Alert Date: Nov 03, 2021 | 1585 days ago

    7.5

    HIGH
    CVE-2018-0296 - Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability -

    Action Due May 03, 2022 Target Vendor : Cisco

    Description :Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information disclosure.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0296

    Alert Date: Nov 03, 2021 | 1585 days ago

    6.5

    MEDIUM
    CVE-2020-8193 - Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability -

    Action Due May 03, 2022 Target Vendor : Citrix

    Description :Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-8193

    Alert Date: Nov 03, 2021 | 1585 days ago
Showing 20 of 1540 Results

Filters