CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
10.0
CVE-2019-4716 - IBM Planning Analytics Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : IBM
Description : IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as "admin", and then execute code as root or SYSTEM via TM1 scripting.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-4716
9.3
CVE-2021-30807 - Apple Multiple Products Memory Corruption Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30807
8.8
CVE-2020-9818 - Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability -
Action Due May 03, 2022 Target Vendor : Apple
Description : Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-9818
7.5
CVE-2019-7481 - SonicWall SMA100 SQL Injection Vulnerability -
Action Due May 03, 2022 Target Vendor : SonicWall
Description : SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-7481
10.0
CVE-2020-1472 - Microsoft Netlogon Privilege Escalation Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description : Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes : Reference CISA's ED 20-04 (https://www.cisa.gov/news-events/directives/ed-20-04-mitigate-netlogon-elevation-privilege-vulnerability-august-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-04. https://nvd.nist.gov/vuln/detail/CVE-2020-1472
8.8
CVE-2021-30665 - Apple Multiple Products WebKit Memory Corruption Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30665
8.8
CVE-2021-30663 - Apple Multiple Products WebKit Integer Overflow Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30663
10.0
CVE-2020-5902 - F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : F5
Description : F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-5902
9.6
CVE-2020-16010 - Google Chrome for Android UI Heap Buffer Overflow Vulnerability -
Action Due May 03, 2022 Target Vendor : Google
Description : Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-16010
9.8
CVE-2021-1870 - Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-1870
7.0
CVE-2021-1782 - Apple Multiple Products Race Condition Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-1782
9.3
CVE-2012-0158 - Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Microsoft
Description : Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-0158
6.6
CVE-2021-31207 - Microsoft Exchange Server Security Feature Bypass Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Microsoft
Description : Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-31207
7.8
CVE-2021-33771 - Microsoft Windows Kernel Privilege Escalation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Microsoft
Description : Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-33771
6.1
CVE-2021-38000 - Google Chromium Intents Improper Input Validation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Google
Description : Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-38000
7.8
CVE-2021-36742 - Trend Micro Multiple Products Improper Input Validation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Trend Micro
Description : Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://success.trendmicro.com/dcx/s/solution/000287819?language=en_US, https://success.trendmicro.com/dcx/s/solution/000287820?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2021-36742
8.8
CVE-2021-37975 - Google Chromium V8 Use-After-Free Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Google
Description : Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-37975
9.8
CVE-2019-16759 - vBulletin PHP Module Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : vBulletin
Description : The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-16759
7.5
CVE-2019-20085 - TVT NVMS-1000 Directory Traversal Vulnerability -
Action Due May 03, 2022 Target Vendor : TVT
Description : TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-20085
10.0
CVE-2021-22502 - Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Micro Focus
Description : Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22502