CISA Known Exploited Vulnerabilities (KEV)
To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.
Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.
8.6
CVE-2023-28206 - Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability -
Action Due May 01, 2023 Target Vendor : Apple
Description : Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-us/HT213720, https://support.apple.com/en-us/HT213721; https://nvd.nist.gov/vuln/detail/CVE-2023-28206
8.1
CVE-2021-27876 - Veritas Backup Exec Agent File Access Vulnerability -
Action Due Apr 28, 2023 Target Vendor : Veritas
Description : Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.veritas.com/support/en_US/security/VTS21-001; https://nvd.nist.gov/vuln/detail/CVE-2021-27876
9.8
CVE-2021-27877 - Veritas Backup Exec Agent Improper Authentication Vulnerability -
Action Due Apr 28, 2023 Target Vendor : Veritas
Description : Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.veritas.com/support/en_US/security/VTS21-001; https://nvd.nist.gov/vuln/detail/CVE-2021-27877
9.0
CVE-2021-27878 - Veritas Backup Exec Agent Command Execution Vulnerability -
Action Due Apr 28, 2023 Target Vendor : Veritas
Description : Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.veritas.com/support/en_US/security/VTS21-001; https://nvd.nist.gov/vuln/detail/CVE-2021-27878
3.3
CVE-2023-26083 - Arm Mali GPU Kernel Driver Information Disclosure Vulnerability -
Action Due Apr 28, 2023 Target Vendor : Arm
Description : Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2023-26083
7.8
CVE-2019-1388 - Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability -
Action Due Apr 28, 2023 Target Vendor : Microsoft
Description : Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388; https://nvd.nist.gov/vuln/detail/CVE-2019-1388
6.1
CVE-2022-27926 - Zimbra Collaboration (ZCS) Cross-Site Scripting (XSS) Vulnerability -
Action Due Apr 24, 2023 Target Vendor : Zimbra
Description : Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://wiki.zimbra.com/wiki/Security_Center; https://nvd.nist.gov/vuln/detail/CVE-2022-27926
10.0
CVE-2017-7494 - Samba Remote Code Execution Vulnerability -
Action Due Apr 20, 2023 Target Vendor : Samba
Description : Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.samba.org/samba/security/CVE-2017-7494.html; https://nvd.nist.gov/vuln/detail/CVE-2017-7494
9.8
CVE-2022-42948 - Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability -
Action Due Apr 20, 2023 Target Vendor : Fortra
Description : Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-2/; https://nvd.nist.gov/vuln/detail/CVE-2022-42948
6.1
CVE-2022-39197 - Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability -
Action Due Apr 20, 2023 Target Vendor : Fortra
Description : Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/; https://nvd.nist.gov/vuln/detail/CVE-2022-39197
9.3
CVE-2021-30900 - Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability -
Action Due Apr 20, 2023 Target Vendor : Apple
Description : Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-us/HT21286, https://support.apple.com/en-us/HT212868, https://support.apple.com/kb/HT212872; https://nvd.nist.gov/vuln/detail/CVE-2021-30900
8.8
CVE-2022-38181 - Arm Mali GPU Kernel Driver Use-After-Free Vulnerability -
Action Due Apr 20, 2023 Target Vendor : Arm
Description : Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2022-38181
7.9
CVE-2023-0266 - Linux Kernel Use-After-Free Vulnerability -
Action Due Apr 20, 2023 Target Vendor : Linux
Description : Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4; https://nvd.nist.gov/vuln/detail/CVE-2023-0266
7.8
CVE-2022-22706 - Arm Mali GPU Kernel Driver Unspecified Vulnerability -
Action Due Apr 20, 2023 Target Vendor : Arm
Description : Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2022-22706
9.3
CVE-2013-3163 - Microsoft Internet Explorer Memory Corruption Vulnerability -
Action Due Apr 20, 2023 Target Vendor : Microsoft
Description : Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055; https://nvd.nist.gov/vuln/detail/CVE-2013-3163
8.8
CVE-2022-3038 - Google Chromium Network Service Use-After-Free Vulnerability -
Action Due Apr 20, 2023 Target Vendor : Google
Description : Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html; https://nvd.nist.gov/vuln/detail/CVE-2022-3038
9.8
CVE-2023-26360 - Adobe ColdFusion Deserialization of Untrusted Data Vulnerability -
Action Due Apr 05, 2023 Target Vendor : Adobe
Description : Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html; https://nvd.nist.gov/vuln/detail/CVE-2023-26360
9.8
CVE-2023-23397 - Microsoft Office Outlook Privilege Escalation Vulnerability -
Action Due Apr 04, 2023 Target Vendor : Microsoft
Description : Microsoft Office Outlook contains a privilege escalation vulnerability that allows for a NTLM Relay attack against another service to authenticate as the user.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/, ; https://nvd.nist.gov/vuln/detail/CVE-2023-23397
4.4
CVE-2023-24880 - Microsoft Windows SmartScreen Security Feature Bypass Vulnerability -
Action Due Apr 04, 2023 Target Vendor : Microsoft
Description : Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24880; https://nvd.nist.gov/vuln/detail/CVE-2023-24880
7.1
CVE-2022-41328 - Fortinet FortiOS Path Traversal Vulnerability -
Action Due Apr 04, 2023 Target Vendor : Fortinet
Description : Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.fortiguard.com/psirt/FG-IR-22-369; https://nvd.nist.gov/vuln/detail/CVE-2022-41328