CISA Known Exploited Vulnerabilities (KEV)

  1. Home
  2. CISA KEV
Threat Intelligence

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

    9.8

    CRITICAL
    CVE-2021-22005 - VMware vCenter Server File Upload Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : VMware

    Description :VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-22005

    Alert Date: Nov 03, 2021 | 1636 days ago

    7.5

    HIGH
    CVE-2020-11738 - WordPress Snap Creek Duplicator Plugin File Download Vulnerability -

    Action Due May 03, 2022 Target Vendor : WordPress

    Description :WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their Wordpress dashboard. This vulnerability affects Duplicator and Dulplicator Pro.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-11738

    Alert Date: Nov 03, 2021 | 1636 days ago

    10.0

    HIGH
    CVE-2021-27561 - Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Yealink

    Description :Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-27561

    Alert Date: Nov 03, 2021 | 1636 days ago

    9.8

    CRITICAL
    CVE-2021-40539 - Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Zoho

    Description :Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-40539

    Alert Date: Nov 03, 2021 | 1636 days ago

    10.0

    HIGH
    CVE-2020-10189 - Zoho ManageEngine Desktop Central File Upload Vulnerability -

    Action Due May 03, 2022 Target Vendor : Zoho

    Description :Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-10189

    Alert Date: Nov 03, 2021 | 1636 days ago

    9.1

    CRITICAL
    CVE-2012-3152 - Oracle Fusion Middleware Unspecified Vulnerability -

    Action Due May 03, 2022 Target Vendor : Oracle

    Description :Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2012-3152

    Alert Date: Nov 03, 2021 | 1636 days ago

    10.0

    CRITICAL
    CVE-2020-12271 - Sophos SFOS SQL Injection Vulnerability -

    Action Due May 03, 2022 Target Vendor : Sophos

    Description :Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-12271

    Alert Date: Nov 03, 2021 | 1636 days ago

    10.0

    HIGH
    CVE-2020-3992 - VMware ESXi OpenSLP Use-After-Free Vulnerability -

    Action Due May 03, 2022 Target Vendor : VMware

    Description :VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3992

    Alert Date: Nov 03, 2021 | 1636 days ago

    7.8

    HIGH
    CVE-2020-3950 - VMware Multiple Products Privilege Escalation Vulnerability -

    Action Due May 03, 2022 Target Vendor : VMware

    Description :VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3950

    Alert Date: Nov 03, 2021 | 1636 days ago

    10.0

    HIGH
    CVE-2018-4939 - Adobe ColdFusion Deserialization of Untrusted Data Vulnerability -

    Action Due May 03, 2022 Target Vendor : Adobe

    Description :Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-4939

    Alert Date: Nov 03, 2021 | 1636 days ago

    10.0

    HIGH
    CVE-2021-1497 - Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Cisco

    Description :Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-1497

    Alert Date: Nov 03, 2021 | 1636 days ago

    10.0

    HIGH
    CVE-2020-5847 - Unraid Remote Code Execution Vulnerability -

    Action Due May 03, 2022 Target Vendor : Unraid

    Description :Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-5847

    Alert Date: Nov 03, 2021 | 1636 days ago

    7.5

    HIGH
    CVE-2019-1653 - Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability -

    Action Due May 03, 2022 Target Vendor : Cisco

    Description :Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-1653

    Alert Date: Nov 03, 2021 | 1636 days ago

    9.3

    HIGH
    CVE-2019-15752 - Docker Desktop Community Edition Privilege Escalation Vulnerability -

    Action Due May 03, 2022 Target Vendor : Docker

    Description :Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\DockerDesktop\version-bin\.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-15752

    Alert Date: Nov 03, 2021 | 1636 days ago

    8.8

    HIGH
    CVE-2021-33742 - Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description :Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-33742

    Alert Date: Nov 03, 2021 | 1636 days ago

    8.5

    HIGH
    CVE-2021-27059 - Microsoft Office Remote Code Execution Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Microsoft

    Description :Microsoft Office contains an unspecified vulnerability that allows for remote code execution.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-27059

    Alert Date: Nov 03, 2021 | 1636 days ago

    8.1

    HIGH
    CVE-2020-6820 - Mozilla Firefox And Thunderbird Use-After-Free Vulnerability -

    Action Due May 03, 2022 Target Vendor : Mozilla

    Description :Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-6820

    Alert Date: Nov 03, 2021 | 1636 days ago

    8.8

    HIGH
    CVE-2021-37975 - Google Chromium V8 Use-After-Free Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Google

    Description :Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-37975

    Alert Date: Nov 03, 2021 | 1636 days ago

    9.8

    CRITICAL
    CVE-2020-11651 - SaltStack Salt Authentication Bypass Vulnerability -

    Action Due May 03, 2022 Target Vendor : SaltStack

    Description :SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/or run commands on salt minions. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-11651

    Alert Date: Nov 03, 2021 | 1636 days ago

    6.6

    MEDIUM
    CVE-2018-2380 - SAP Customer Relationship Management (CRM) Path Traversal Vulnerability -

    Action Due May 03, 2022 Target Vendor : SAP

    Description :SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users.

    Action :Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

    Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-2380

    Alert Date: Nov 03, 2021 | 1636 days ago
Showing 20 of 1587 Results

Filters