CISA Known Exploited Vulnerabilities (KEV)

Threat Intelligence

CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.

7.8

HIGH

CVE-2020-17087 - Microsoft Windows Kernel Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description :Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-17087

Alert Date: Nov 03, 2021 | 1638 days ago

7.8

HIGH

CVE-2016-0167 - Microsoft Win32k Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description :Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-0167

Alert Date: Nov 03, 2021 | 1638 days ago

9.8

CRITICAL

CVE-2021-38647 - Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Microsoft

Description :Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-38647

Alert Date: Nov 03, 2021 | 1638 days ago

9.0

HIGH

CVE-2014-1812 - Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description :Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Feb 26, 2026

Notes :https://nvd.nist.gov/vuln/detail/CVE-2014-1812

Alert Date: Nov 03, 2021 | 1638 days ago

10.0

HIGH

CVE-2021-22502 - Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Micro Focus

Description :Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-22502

Alert Date: Nov 03, 2021 | 1638 days ago

7.5

HIGH

CVE-2021-22506 - Micro Focus Access Manager Information Leakage Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Micro Focus

Description :Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-22506

Alert Date: Nov 03, 2021 | 1638 days ago

10.0

HIGH

CVE-2020-5902 - F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : F5

Description :F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-5902

Alert Date: Nov 03, 2021 | 1638 days ago

7.5

HIGH

CVE-2018-0296 - Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability -

Action Due May 03, 2022 Target Vendor : Cisco

Description :Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information disclosure.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-0296

Alert Date: Nov 03, 2021 | 1638 days ago

8.2

HIGH

CVE-2021-23874 - McAfee Total Protection (MTP) Improper Privilege Management Vulnerability -

Action Due Nov 17, 2021 Target Vendor : McAfee

Description :McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-23874

Alert Date: Nov 03, 2021 | 1638 days ago

6.1

MEDIUM

CVE-2021-38000 - Google Chromium Intents Improper Input Validation Vulnerability -

Action Due Nov 17, 2021 Target Vendor : Google

Description :Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browser to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-38000

Alert Date: Nov 03, 2021 | 1638 days ago

10.0

HIGH

CVE-2020-0646 - Microsoft .NET Framework Remote Code Execution Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description :Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-0646

Alert Date: Nov 03, 2021 | 1638 days ago

7.8

HIGH

CVE-2020-24557 - Trend Micro Multiple Products Improper Access Control Vulnerability -

Action Due May 03, 2022 Target Vendor : Trend Micro

Description :Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain privilege escalation.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-24557

Alert Date: Nov 03, 2021 | 1638 days ago

9.8

CRITICAL

CVE-2020-16846 - SaltStack Salt Shell Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : SaltStack

Description :SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-16846

Alert Date: Nov 03, 2021 | 1638 days ago

6.5

MEDIUM

CVE-2016-9563 - SAP NetWeaver XML External Entity (XXE) Vulnerability -

Action Due May 03, 2022 Target Vendor : SAP

Description :SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity (XXE) attacks.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2016-9563

Alert Date: Nov 03, 2021 | 1638 days ago

9.8

CRITICAL

CVE-2017-9248 - Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability -

Action Due May 03, 2022 Target Vendor : Progress

Description :Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-9248

Alert Date: Nov 03, 2021 | 1638 days ago

9.8

CRITICAL

CVE-2019-5544 - VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability -

Action Due May 03, 2022 Target Vendor : VMware

Description :VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-5544

Alert Date: Nov 03, 2021 | 1638 days ago

10.0

HIGH

CVE-2020-3992 - VMware ESXi OpenSLP Use-After-Free Vulnerability -

Action Due May 03, 2022 Target Vendor : VMware

Description :VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3992

Alert Date: Nov 03, 2021 | 1638 days ago

7.8

HIGH

CVE-2020-3950 - VMware Multiple Products Privilege Escalation Vulnerability -

Action Due May 03, 2022 Target Vendor : VMware

Description :VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Unknown

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3950

Alert Date: Nov 03, 2021 | 1638 days ago

9.3

HIGH

CVE-2017-11882 - Microsoft Office Memory Corruption Vulnerability -

Action Due May 03, 2022 Target Vendor : Microsoft

Description :Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user.

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes :https://nvd.nist.gov/vuln/detail/CVE-2017-11882

Alert Date: Nov 03, 2021 | 1638 days ago

10.0

CRITICAL

CVE-2020-12271 - Sophos SFOS SQL Injection Vulnerability -

Action Due May 03, 2022 Target Vendor : Sophos

Description :Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords).

Action :Apply updates per vendor instructions.

Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021

Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-12271

Alert Date: Nov 03, 2021 | 1638 days ago

Showing 20 of 1589 Results

Filters

What are you looking for ?

Date Added

Ransomware

Sort By

Browse by Apps

CISA Known Exploited Vulnerabilities (KEV)

7.8

7.8

9.8

9.0

10.0

7.5

10.0

7.5

8.2

6.1

10.0

7.8

9.8

6.5

9.8

9.8

10.0

7.8

9.3

10.0

Filters

Cookie Preferences