CISA Known Exploited Vulnerabilities (KEV)

  1. Home
  2. CISA KEV

To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.

Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.

    9.6

    CRITICAL
    CVE-2020-16010 - Google Chrome for Android UI Heap Buffer Overflow Vulnerability -

    Action Due May 03, 2022 Target Vendor : Google

    Description : Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-16010

    Alert Date: Nov 03, 2021 | 1473 days ago

    8.8

    HIGH
    CVE-2020-16013 - Google Chromium V8 Incorrect Implementation Vulnerabililty -

    Action Due May 03, 2022 Target Vendor : Google

    Description : Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-16013

    Alert Date: Nov 03, 2021 | 1473 days ago

    10.0

    HIGH
    CVE-2021-27104 - Accellion FTA OS Command Injection Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Accellion

    Description : Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27104

    Alert Date: Nov 03, 2021 | 1473 days ago

    7.8

    HIGH
    CVE-2021-27102 - Accellion FTA OS Command Injection Vulnerability -

    Action Due Nov 17, 2021 Target Vendor : Accellion

    Description : Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27102

    Alert Date: Nov 03, 2021 | 1473 days ago
Showing 20 of 1464 Results

Filters