For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.
How to use the KEV Catalog
The KEV catalog is also available in the following formats:
CSV
JSON
JSON Schema (updated 06-25-2024)
Showing 1 - 20 of 1170
Ivanti | Cloud Services Appliance
CVE-2024-8190
Ivanti Cloud Services Appliance OS Command Injection Vulnerability: Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS.
Known To Be Used in Ransomware Campaigns? Unknown
Action: As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates.
- Date Added: 2024-09-13
- Due Date: 2024-10-04
Additional Notes
Microsoft | Publisher
CVE-2024-38226
Microsoft Publisher Protection Mechanism Failure Vulnerability: Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-09-10
- Due Date: 2024-10-01
Additional Notes
Microsoft | Windows
CVE-2024-43491
Microsoft Windows Update Use-After-Free Vulnerability: Microsoft Windows Update contains a use-after-free vulnerability that allows for remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-09-10
- Due Date: 2024-10-01
Additional Notes
Microsoft | Windows
CVE-2024-38014
Microsoft Windows Installer Improper Privilege Management Vulnerability: Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-09-10
- Due Date: 2024-10-01
Additional Notes
Microsoft | Windows
CVE-2024-38217
Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability: Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-09-10
- Due Date: 2024-10-01
Additional Notes
ImageMagick | ImageMagick
CVE-2016-3714
ImageMagick Improper Input Validation Vulnerability: ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-09-09
- Due Date: 2024-09-30
Additional Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588#p132726, https://imagemagick.org/archive/releases/; https://nvd.nist.gov/vuln/detail/CVE-2016-3714
Related CWE:
Linux | Kernel
CVE-2017-1000253
Linux Kernel PIE Stack Buffer Corruption Vulnerability : Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary() that allows a local attacker to escalate privileges.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-09-09
- Due Date: 2024-09-30
Additional Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a87938b2e246b81b4fb713edb371a9fa3c5c3c86; https://nvd.nist.gov/vuln/detail/CVE-2017-1000253
Related CWE:
SonicWall | SonicOS
CVE-2024-40766
SonicWall SonicOS Improper Access Control Vulnerability: SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-09-09
- Due Date: 2024-09-30
Additional Notes
DrayTek | VigorConnect
CVE-2021-20123
Draytek VigorConnect Path Traversal Vulnerability : Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-09-03
- Due Date: 2024-09-24
Additional Notes
https://www.draytek.com/about/security-advisory/vigorconnect-software-security-vulnerability-(cve-2021-20123-cve-2021-20129); https://nvd.nist.gov/vuln/detail/CVE-2021-20123
Related CWE:
DrayTek | VigorConnect
CVE-2021-20124
Draytek VigorConnect Path Traversal Vulnerability : Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-09-03
- Due Date: 2024-09-24
Additional Notes
https://www.draytek.com/about/security-advisory/vigorconnect-software-security-vulnerability-(cve-2021-20123-cve-2021-20129); https://nvd.nist.gov/vuln/detail/CVE-2021-20124
Related CWE:
Kingsoft | WPS Office
CVE-2024-7262
Kingsoft WPS Office Path Traversal Vulnerability: Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-09-03
- Due Date: 2024-09-24
Additional Notes
While CISA cannot confirm the effectiveness of patches at this time, it is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue the use of the product.; https://nvd.nist.gov/vuln/detail/CVE-2024-7262
Related CWE:
Google | Chromium V8
CVE-2024-7965
Google Chromium V8 Inappropriate Implementation Vulnerability: Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-08-28
- Due Date: 2024-09-18
Additional Notes
Apache | OFBiz
CVE-2024-38856
Apache OFBiz Incorrect Authorization Vulnerability: Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-08-27
- Due Date: 2024-09-17
Additional Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://lists.apache.org/thread/olxxjk6b13sl3wh9cmp0k2dscvp24l7w; https://nvd.nist.gov/vuln/detail/CVE-2024-38856
Related CWE:
Google | Chromium V8
CVE-2024-7971
Google Chromium V8 Type Confusion Vulnerability: Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-08-26
- Due Date: 2024-09-16
Additional Notes
Versa | Director
CVE-2024-39717
Versa Director Dangerous File Type Upload Vulnerability: The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The “Change Favicon” (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an image.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-08-23
- Due Date: 2024-09-13
Additional Notes
Dahua | IP Camera Firmware
CVE-2021-33044
Dahua IP Camera Authentication Bypass Vulnerability: Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-08-21
- Due Date: 2024-09-11
Additional Notes
Dahua | IP Camera Firmware
CVE-2021-33045
Dahua IP Camera Authentication Bypass Vulnerability: Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-08-21
- Due Date: 2024-09-11
Additional Notes
Linux | Kernel
CVE-2022-0185
Linux Kernel Heap-Based Buffer Overflow Vulnerability: Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
- Date Added: 2024-08-21
- Due Date: 2024-09-11
Additional Notes
This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=722d94847de2; https://nvd.nist.gov/vuln/detail/CVE-2022-0185
Related CWE:
Microsoft | Exchange Server
CVE-2021-31196
Microsoft Exchange Server Information Disclosure Vulnerability: Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution.
Known To Be Used in Ransomware Campaigns? Unknown
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-08-21
- Due Date: 2024-09-11
Additional Notes
Jenkins | Jenkins Command Line Interface (CLI)
CVE-2024-23897
Jenkins Command Line Interface (CLI) Path Traversal Vulnerability: Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.
Known To Be Used in Ransomware Campaigns? Known
Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Date Added: 2024-08-19
- Due Date: 2024-09-09
Additional Notes
Subscribe to the KEV Catalog Updates
Stay up to date on the latest known exploited vulnerabilities.
