CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
8.5
CVE-2019-19356 - Netis WF2419 Devices Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Netis
Description : Netis WF2419 devices contains an unspecified vulnerability that allows an attacker to perform remote code execution as root through the router's web management page.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-19356
8.8
CVE-2021-21017 - Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Adobe
Description : Acrobat Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21017
9.6
CVE-2021-28550 - Adobe Acrobat and Reader Use-After-Free Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Adobe
Description : Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-28550
10.0
CVE-2018-4939 - Adobe ColdFusion Deserialization of Untrusted Data Vulnerability -
Action Due May 03, 2022 Target Vendor : Adobe
Description : Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-4939
10.0
CVE-2018-15961 - Adobe ColdFusion Unrestricted File Upload Vulnerability -
Action Due May 03, 2022 Target Vendor : Adobe
Description : Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-15961
8.8
CVE-2020-5735 - Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability -
Action Due May 03, 2022 Target Vendor : Amcrest
Description : Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-5735
8.8
CVE-2020-16009 - Google Chromium V8 Type Confusion Vulnerability -
Action Due May 03, 2022 Target Vendor : Google
Description : Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-16009
8.8
CVE-2021-30632 - Google Chromium V8 Out-of-Bounds Write Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Google
Description : Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30632
8.8
CVE-2021-21148 - Google Chromium V8 Heap Buffer Overflow Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Google
Description : Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21148
8.8
CVE-2021-30858 - Apple iOS, iPadOS, macOS Use-After-Free Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30858
8.8
CVE-2021-30554 - Google Chromium WebGL Use-After-Free Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Google
Description : Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30554
10.0
CVE-2021-22893 - Ivanti Pulse Connect Secure Use-After-Free Vulnerability -
Action Due May 03, 2022 Target Vendor : Ivanti
Description : Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allow a remote, unauthenticated attacker to execute code via license services.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes : Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2021-22893
6.5
CVE-2016-9563 - SAP NetWeaver XML External Entity (XXE) Vulnerability -
Action Due May 03, 2022 Target Vendor : SAP
Description : SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity (XXE) attacks.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-9563
10.0
CVE-2021-21985 - VMware vCenter Server Improper Input Validation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : VMware
Description : VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21985
9.1
CVE-2020-4006 - Multiple VMware Products Command Injection Vulnerability -
Action Due May 03, 2022 Target Vendor : VMware
Description : VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-4006
10.0
CVE-2020-25213 - WordPress File Manager Plugin Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : WordPress
Description : WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-25213
9.3
CVE-2021-30869 - Apple iOS, iPadOS, and macOS Type Confusion Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30869
7.8
CVE-2020-9859 - Apple Multiple Products Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Apple
Description : Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-9859
9.8
CVE-2021-20090 - Arcadyan Buffalo Firmware Path Traversal Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Arcadyan
Description : Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers across several different vendors.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-20090
5.5
CVE-2021-27562 - Arm Trusted Firmware Out-of-Bounds Write Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Arm
Description : Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment (NSPE) handler mode. This vulnerability affects Yealink Device Management servers.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27562