CISA Known Exploited Vulnerabilities (KEV)

  1. Home
  2. CISA KEV
Threat Intelligence

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

    10.0

    CRITICAL
    CVE-2021-22205 - GitLab Community and Enterprise Editions Remote Code Execution Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : GitLab

    Description :GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Feb 26, 2026

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-22205

    Alert Date: Nov 03, 2021 | 1636 days ago

    8.2

    HIGH
    CVE-2021-23874 - McAfee Total Protection (MTP) Improper Privilege Management Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : McAfee

    Description :McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-23874

    Alert Date: Nov 03, 2021 | 1636 days ago

    8.8

    HIGH
    CVE-2021-33742 - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description :Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-33742

    Alert Date: Nov 03, 2021 | 1636 days ago

    8.5

    HIGH
    CVE-2021-27059 - Microsoft Office Remote Code Execution Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description :Microsoft Office contains an unspecified vulnerability that allows for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-27059

    Alert Date: Nov 03, 2021 | 1636 days ago

    6.1

    MEDIUM
    CVE-2021-1879 - Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Apple

    Description :Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-1879

    Alert Date: Nov 03, 2021 | 1636 days ago

    7.5

    HIGH
    CVE-2019-1653 - Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability -

    Action Due May 03, 2022 Target Vendor : Cisco

    Description :Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-1653

    Alert Date: Nov 03, 2021 | 1636 days ago

    9.6

    CRITICAL
    CVE-2021-30633 - Google Chromium Indexed DB API Use-After-Free Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description :Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30633

    Alert Date: Nov 03, 2021 | 1636 days ago

    9.8

    CRITICAL
    CVE-2020-8644 - PlaySMS Server-Side Template Injection Vulnerability -

    Action Due May 03, 2022 Target Vendor : PlaySMS

    Description :PlaySMS contains a server-side template injection vulnerability that allows for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-8644

    Alert Date: Nov 03, 2021 | 1636 days ago

    7.5

    HIGH
    CVE-2020-0878 - Microsoft Edge and Internet Explorer Memory Corruption Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-0878

    Alert Date: Nov 03, 2021 | 1636 days ago

    8.8

    HIGH
    CVE-2021-40444 - Microsoft MSHTML Remote Code Execution Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description :Microsoft MSHTML contains a unspecified vulnerability that allows for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-40444

    Alert Date: Nov 03, 2021 | 1636 days ago

    8.8

    HIGH
    CVE-2020-8467 - Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Trend Micro

    Description :Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-8467

    Alert Date: Nov 03, 2021 | 1636 days ago

    9.8

    CRITICAL
    CVE-2019-16759 - vBulletin PHP Module Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : vBulletin

    Description :The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-16759

    Alert Date: Nov 03, 2021 | 1636 days ago

    8.8

    HIGH
    CVE-2020-1380 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-1380

    Alert Date: Nov 03, 2021 | 1636 days ago

    10.0

    HIGH
    CVE-2021-27104 - Accellion FTA OS Command Injection Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Accellion

    Description :Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-27104

    Alert Date: Nov 03, 2021 | 1636 days ago

    9.8

    CRITICAL
    CVE-2020-17530 - Apache Struts Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Apache

    Description :Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-17530

    Alert Date: Nov 03, 2021 | 1636 days ago

    7.8

    HIGH
    CVE-2020-9859 - Apple Multiple Products Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Apple

    Description :Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-9859

    Alert Date: Nov 03, 2021 | 1636 days ago

    5.5

    MEDIUM
    CVE-2021-27562 - Arm Trusted Firmware Out-of-Bounds Write Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Arm

    Description :Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment (NSPE) handler mode. This vulnerability affects Yealink Device Management servers.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-27562

    Alert Date: Nov 03, 2021 | 1636 days ago

    9.8

    CRITICAL
    CVE-2019-11580 - Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Atlassian

    Description :Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Feb 26, 2026

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-11580

    Alert Date: Nov 03, 2021 | 1636 days ago

    8.6

    HIGH
    CVE-2020-3569 - Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability -

    Action Due May 03, 2022 Target Vendor : Cisco

    Description :Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3569

    Alert Date: Nov 03, 2021 | 1636 days ago

    6.5

    MEDIUM
    CVE-2020-8193 - Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability -

    Action Due May 03, 2022 Target Vendor : Citrix

    Description :Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-8193

    Alert Date: Nov 03, 2021 | 1636 days ago
Showing 20 of 1587 Results

Filters