CISA Known Exploited Vulnerabilities (KEV)

  1. Home
  2. CISA KEV
Threat Intelligence

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

    9.3

    HIGH
    CVE-2019-0541 - Microsoft MSHTML Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution vulnerability.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-0541

    Alert Date: Nov 03, 2021 | 1633 days ago

    9.0

    HIGH
    CVE-2020-0688 - Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-0688

    Alert Date: Nov 03, 2021 | 1633 days ago

    9.3

    HIGH
    CVE-2017-0143 - Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-0143

    Alert Date: Nov 03, 2021 | 1633 days ago

    7.8

    HIGH
    CVE-2017-11774 - Microsoft Office Outlook Security Feature Bypass Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-11774

    Alert Date: Nov 03, 2021 | 1633 days ago

    8.8

    HIGH
    CVE-2021-21224 - Google Chromium V8 Type Confusion Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description :Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-21224

    Alert Date: Nov 03, 2021 | 1633 days ago

    8.8

    HIGH
    CVE-2021-21193 - Google Chromium Blink Use-After-Free Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description :Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-21193

    Alert Date: Nov 03, 2021 | 1633 days ago

    7.6

    HIGH
    CVE-2020-0968 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-0968

    Alert Date: Nov 03, 2021 | 1633 days ago

    10.0

    CRITICAL
    CVE-2020-6207 - SAP Solution Manager Missing Authentication for Critical Function Vulnerability -

    Action Due May 03, 2022 Target Vendor : SAP

    Description :SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-6207

    Alert Date: Nov 03, 2021 | 1633 days ago

    7.5

    HIGH
    CVE-2016-3976 - SAP NetWeaver Directory Traversal Vulnerability -

    Action Due May 03, 2022 Target Vendor : SAP

    Description :SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-3976

    Alert Date: Nov 03, 2021 | 1633 days ago

    9.8

    CRITICAL
    CVE-2021-26855 - Microsoft Exchange Server Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26855

    Alert Date: Nov 03, 2021 | 1633 days ago

    7.8

    HIGH
    CVE-2021-26858 - Microsoft Exchange Server Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Microsoft

    Description :Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26858

    Alert Date: Nov 03, 2021 | 1633 days ago

    9.3

    HIGH
    CVE-2021-1675 - Microsoft Windows Print Spooler Remote Code Execution Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description :Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-1675

    Alert Date: Nov 03, 2021 | 1633 days ago

    7.2

    HIGH
    CVE-2020-8260 - Ivanti Pulse Connect Secure Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Ivanti

    Description :Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2020-8260

    Alert Date: Nov 03, 2021 | 1633 days ago

    9.0

    HIGH
    CVE-2020-10221 - rConfig OS Command Injection Vulnerability -

    Action Due May 03, 2022 Target Vendor : rConfig

    Description :rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-10221

    Alert Date: Nov 03, 2021 | 1633 days ago

    10.0

    HIGH
    CVE-2021-35395 - Realtek AP-Router SDK Buffer Overflow Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Realtek

    Description :Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service (DoS).

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-35395

    Alert Date: Nov 03, 2021 | 1633 days ago

    7.8

    HIGH
    CVE-2017-16651 - Roundcube Webmail File Disclosure Vulnerability -

    Action Due May 03, 2022 Target Vendor : Roundcube

    Description :Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-16651

    Alert Date: Nov 03, 2021 | 1633 days ago

    9.3

    HIGH
    CVE-2019-9082 - ThinkPHP Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : ThinkPHP

    Description :ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-9082

    Alert Date: Nov 03, 2021 | 1633 days ago

    8.8

    HIGH
    CVE-2019-18187 - Trend Micro OfficeScan Directory Traversal Vulnerability -

    Action Due May 03, 2022 Target Vendor : Trend Micro

    Description :Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-18187

    Alert Date: Nov 03, 2021 | 1633 days ago

    10.0

    HIGH
    CVE-2020-8599 - Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability -

    Action Due May 03, 2022 Target Vendor : Trend Micro

    Description :Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-8599

    Alert Date: Nov 03, 2021 | 1633 days ago

    7.8

    HIGH
    CVE-2021-36742 - Trend Micro Multiple Products Improper Input Validation Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Trend Micro

    Description :Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://success.trendmicro.com/dcx/s/solution/000287819?language=en_US, https://success.trendmicro.com/dcx/s/solution/000287820?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2021-36742

    Alert Date: Nov 03, 2021 | 1633 days ago
Showing 20 of 1582 Results

Filters