CISA Known Exploited Vulnerabilities (KEV)

CVE-2016-7255 - Microsoft Win32k Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-7255

CVE-2021-22205 - GitLab Community and Enterprise Editions Remote Code Execution Vulnerability -

Action Due Nov 17, 2021 Target Vendor : GitLab

Description : GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Feb 26, 2026

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22205

CVE-2020-8655 - EyesOfNetwork Improper Privilege Management Vulnerability -

Action Due May 03, 2022 Target Vendor : EyesOfNetwork

Description : EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine (NSE) script to nmap7.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8655

CVE-2019-5591 - Fortinet FortiOS Default Configuration Vulnerability -

Action Due May 03, 2022 Target Vendor : Fortinet

Description : Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-5591

CVE-2020-15999 - Google Chrome FreeType Heap Buffer Overflow Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description : Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-15999

CVE-2021-21166 - Google Chromium Race Condition Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description : Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21166

CVE-2019-1215 - Microsoft Windows Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker to execute code with elevated privileges.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1215

CVE-2021-30633 - Google Chromium Indexed DB API Use-After-Free Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description : Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30633

CVE-2021-27059 - Microsoft Office Remote Code Execution Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description : Microsoft Office contains an unspecified vulnerability that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27059

CVE-2019-1367 - Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of the current user.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1367

CVE-2017-9822 - DotNetNuke (DNN) Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : DotNetNuke (DNN)

Description : DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-9822

CVE-2020-15505 - Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Ivanti

Description : Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-15505

CVE-2020-7961 - Liferay Portal Deserialization of Untrusted Data Vulnerability -

Action Due May 03, 2022 Target Vendor : Liferay

Description : Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-7961

CVE-2021-23874 - McAfee Total Protection (MTP) Improper Privilege Management Vulnerability -

Action Due Nov 17, 2021 Target Vendor : McAfee

Description : McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-23874

CVE-2021-22506 - Micro Focus Access Manager Information Leakage Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Micro Focus

Description : Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22506

CVE-2021-1647 - Microsoft Defender Remote Code Execution Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description : Microsoft Defender contains an unspecified vulnerability that allows for remote code execution.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-1647

CVE-2019-0863 - Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description : Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0863

CVE-2021-36955 - Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description : Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-36955

CVE-2021-31956 - Microsoft Windows NTFS Privilege Escalation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description : Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-31956

CVE-2021-31201 - Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description : Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation.

Action : Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-31201