CISA Known Exploited Vulnerabilities (KEV)
CISA's Known Exploited Vulnerabilities (KEV) catalog lists vulnerabilities actively used in real-world attacks. CVEFeed.io tracks the latest additions so you can prioritize remediation as new entries are published.
9.8
CVE-2018-20062 - ThinkPHP "noneCms" Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : ThinkPHP
Description :ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2018-20062
10.0
CVE-2020-29583 - Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability -
Action Due May 03, 2022 Target Vendor : Zyxel
Description :Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-29583
9.8
CVE-2020-3952 - VMware vCenter Server Information Disclosure Vulnerability -
Action Due May 03, 2022 Target Vendor : VMware
Description :VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive information.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3952
10.0
CVE-2021-21972 - VMware vCenter Server Remote Code Execution Vulnerability -
Action Due Nov 17, 2021 Target Vendor : VMware
Description :VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-21972
10.0
CVE-2021-21985 - VMware vCenter Server Improper Input Validation Vulnerability -
Action Due Nov 17, 2021 Target Vendor : VMware
Description :VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-21985
9.1
CVE-2020-4006 - Multiple VMware Products Command Injection Vulnerability -
Action Due May 03, 2022 Target Vendor : VMware
Description :VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-4006
10.0
CVE-2020-25213 - WordPress File Manager Plugin Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : WordPress
Description :WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-25213
6.1
CVE-2019-9978 - WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability -
Action Due May 03, 2022 Target Vendor : WordPress
Description :WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-9978
9.3
CVE-2021-30869 - Apple iOS, iPadOS, and macOS Type Confusion Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description :Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30869
7.5
CVE-2019-8394 - Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability -
Action Due May 03, 2022 Target Vendor : Zoho
Description :Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-8394
8.8
CVE-2021-21148 - Google Chromium V8 Heap Buffer Overflow Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Google
Description :Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-21148
8.8
CVE-2021-30551 - Google Chromium V8 Type Confusion Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Google
Description :Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30551
8.8
CVE-2021-30663 - Apple Multiple Products WebKit Integer Overflow Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description :Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30663
5.5
CVE-2021-30657 - Apple macOS Unspecified Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description :Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30657
9.0
CVE-2021-28664 - Arm Mali Graphics Processing Unit (GPU) Unspecified Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Arm
Description :Arm Mali Graphics Processing Unit (GPU) kernel driver contains an unspecified vulnerability that may allow a non-privileged user to gain write access to read-only memory, gain root privilege, corrupt memory, and modify the memory of other processes.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-28664
9.0
CVE-2021-28663 - Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Arm
Description :Arm Mali Graphics Processing Unit (GPU) kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, and/or disclose information.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-28663
9.0
CVE-2019-3398 - Atlassian Confluence Server and Data Center Path Traversal Vulnerability -
Action Due May 03, 2022 Target Vendor : Atlassian
Description :Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2019-3398
9.8
CVE-2021-26084 - Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Atlassian
Description :Atlassian Confluence Server and Data Server contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-26084
7.8
CVE-2021-30713 - Apple macOS Unspecified Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description :Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes :https://nvd.nist.gov/vuln/detail/CVE-2021-30713
6.1
CVE-2020-3580 - Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability -
Action Due May 03, 2022 Target Vendor : Cisco
Description :Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services interface. Successful exploitation could allow an attacker to perform cross-site scripting (XSS) in the context of the interface or access sensitive browser-based information.
Action :Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known Detected Nov 03, 2021
Notes :https://nvd.nist.gov/vuln/detail/CVE-2020-3580