CISA Known Exploited Vulnerabilities (KEV)

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

8.8

HIGH

CVE-2021-36741 - Trend Micro Multiple Products Improper Input Validation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Trend Micro

Description :Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://success.trendmicro.com/dcx/s/solution/000287819?language=en_US, https://success.trendmicro.com/dcx/s/solution/000287820?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2021-36741

Alert Date: Nov 03, 2021 | 1585 days ago

6.5

MEDIUM

CVE-2020-8195 - Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability -

Action Due May 03, 2022 Target Vendor : Citrix

Description :Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-8195

Alert Date: Nov 03, 2021 | 1585 days ago

8.8

HIGH

CVE-2021-30551 - Google Chromium V8 Type Confusion Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description :Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30551

Alert Date: Nov 03, 2021 | 1585 days ago

4.3

MEDIUM

CVE-2020-8196 - Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability -

Action Due May 03, 2022 Target Vendor : Citrix

Description :Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-8196

Alert Date: Nov 03, 2021 | 1585 days ago

9.8

CRITICAL

CVE-2019-19781 - Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Citrix

Description :Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-19781

Alert Date: Nov 03, 2021 | 1585 days ago

9.8

CRITICAL

CVE-2019-11634 - Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Citrix

Description :Citrix Workspace Application and Receiver for Windows contains remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-11634

Alert Date: Nov 03, 2021 | 1585 days ago

7.5

HIGH

CVE-2018-18325 - DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability -

Action Due May 03, 2022 Target Vendor : DotNetNuke (DNN)

Description :DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-18325

Alert Date: Nov 03, 2021 | 1585 days ago

8.8

HIGH

CVE-2021-21166 - Google Chromium Race Condition Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description :Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-21166

Alert Date: Nov 03, 2021 | 1585 days ago

8.8

HIGH

CVE-2021-21220 - Google Chromium V8 Improper Input Validation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description :Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-21220

Alert Date: Nov 03, 2021 | 1585 days ago

4.3

MEDIUM

CVE-2020-4430 - IBM Data Risk Manager Directory Traversal Vulnerability -

Action Due May 03, 2022 Target Vendor : IBM

Description :IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitrary files from the system.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-4430

Alert Date: Nov 03, 2021 | 1585 days ago

9.8

CRITICAL

CVE-2018-13379 - Fortinet FortiOS SSL VPN Path Traversal Vulnerability -

Action Due May 03, 2022 Target Vendor : Fortinet

Description :Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-13379

Alert Date: Nov 03, 2021 | 1585 days ago

9.8

CRITICAL

CVE-2020-4427 - IBM Data Risk Manager Security Bypass Vulnerability -

Action Due May 03, 2022 Target Vendor : IBM

Description :IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-4427

Alert Date: Nov 03, 2021 | 1585 days ago

9.1

CRITICAL

CVE-2020-4428 - IBM Data Risk Manager Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : IBM

Description :IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system.�

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-4428

Alert Date: Nov 03, 2021 | 1585 days ago

10.0

CRITICAL

CVE-2019-4716 - IBM Planning Analytics Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : IBM

Description :IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-4716

Alert Date: Nov 03, 2021 | 1585 days ago

5.5

MEDIUM

CVE-2016-3718 - ImageMagick Server-Side Request Forgery (SSRF) Vulnerability -

Action Due May 03, 2022 Target Vendor : ImageMagick

Description :ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-3718

Alert Date: Nov 03, 2021 | 1585 days ago

10.0

HIGH

CVE-2021-22502 - Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Micro Focus

Description :Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-22502

Alert Date: Nov 03, 2021 | 1585 days ago

7.8

HIGH

CVE-2021-1647 - Microsoft Defender Remote Code Execution Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description :Microsoft Defender contains an unspecified vulnerability that allows for remote code execution.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-1647

Alert Date: Nov 03, 2021 | 1585 days ago

7.8

HIGH

CVE-2020-0041 - Android Kernel Out-of-Bounds Write Vulnerability -

Action Due May 03, 2022 Target Vendor : Android

Description :Android Kernel binder_transaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0069 under exploit chain "AbstractEmu."

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-0041

Alert Date: Nov 03, 2021 | 1585 days ago

9.3

HIGH

CVE-2021-34448 - Microsoft Windows Scripting Engine Memory Corruption Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description :Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-34448

Alert Date: Nov 03, 2021 | 1585 days ago

10.0

HIGH

CVE-2020-0646 - Microsoft .NET Framework Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description :Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-0646

Alert Date: Nov 03, 2021 | 1585 days ago

Showing 20 of 1540 Results

Filters

What are you looking for ?

Date Added

Ransomware

Sort By

Browse by Apps

CISA Known Exploited Vulnerabilities (KEV)

8.8

6.5

8.8

4.3

9.8

9.8

7.5

8.8

8.8

4.3

9.8

9.8

9.1

10.0

5.5

10.0

7.8

7.8

9.3

10.0

Filters

CVEFeed.io UI Customizer

Layout

Vertical

Horizontal

Two Column

Color Scheme

Light

Dark

Layout Width

Fluid

Boxed

Layout Position

Topbar Color

Light

Dark

Sidebar Size

Default

Compact

Small (Icon View)

Small Hover View

Sidebar View

Default

Detached

Sidebar Color

Light

Dark

Gradient

Preloader

Enable

Disable

Cookie Preferences