CISA Known Exploited Vulnerabilities (KEV)
To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.
Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.
7.2
CVE-2020-5741 - Plex Media Server Remote Code Execution Vulnerability -
Action Due Mar 31, 2023 Target Vendor : Plex
Description : Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://forums.plex.tv/t/security-regarding-cve-2020-5741/586819; https://nvd.nist.gov/vuln/detail/CVE-2020-5741
8.5
CVE-2021-39144 - XStream Remote Code Execution Vulnerability -
Action Due Mar 31, 2023 Target Vendor : XStream
Description : XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command on the server. This vulnerability can affect multiple products, including but not limited to VMware Cloud Foundation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.vmware.com/security/advisories/VMSA-2022-0027.html, https://x-stream.github.io/CVE-2021-39144.html; https://nvd.nist.gov/vuln/detail/CVE-2021-39144
7.1
CVE-2022-28810 - Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability -
Action Due Mar 28, 2023 Target Vendor : Zoho
Description : Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28810.html; https://nvd.nist.gov/vuln/detail/CVE-2022-28810
8.8
CVE-2022-33891 - Apache Spark Command Injection Vulnerability -
Action Due Mar 28, 2023 Target Vendor : Apache
Description : Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc; https://nvd.nist.gov/vuln/detail/CVE-2022-33891
9.8
CVE-2022-35914 - Teclib GLPI Remote Code Execution Vulnerability -
Action Due Mar 28, 2023 Target Vendor : Teclib
Description : Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://glpi-project.org/fr/glpi-10-0-3-disponible/, http://www.bioinformatics.org/phplabware/sourceer/sourceer.php?&Sfs=htmLawedTest.php&Sl=.%2Finternal_utilities%2FhtmLawed.; https://nvd.nist.gov/vuln/detail/CVE-2022-35914
7.5
CVE-2022-36537 - ZK Framework AuUploader Unspecified Vulnerability -
Action Due Mar 20, 2023 Target Vendor : ZK Framework
Description : ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://tracker.zkoss.org/browse/ZK-5150; https://nvd.nist.gov/vuln/detail/CVE-2022-36537
9.8
CVE-2022-47986 - IBM Aspera Faspex Code Execution Vulnerability -
Action Due Mar 14, 2023 Target Vendor : IBM
Description : IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://exchange.xforce.ibmcloud.com/vulnerabilities/243512?_ga=2.189195179.1800390251.1676559338-700333034.1676325890; https://nvd.nist.gov/vuln/detail/CVE-2022-47986
6.8
CVE-2022-41223 - Mitel MiVoice Connect Code Injection Vulnerability -
Action Due Mar 14, 2023 Target Vendor : Mitel
Description : The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008; https://nvd.nist.gov/vuln/detail/CVE-2022-41223
6.8
CVE-2022-40765 - Mitel MiVoice Connect Command Injection Vulnerability -
Action Due Mar 14, 2023 Target Vendor : Mitel
Description : The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0007; https://nvd.nist.gov/vuln/detail/CVE-2022-40765
9.8
CVE-2022-46169 - Cacti Command Injection Vulnerability -
Action Due Mar 09, 2023 Target Vendor : Cacti
Description : Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf; https://nvd.nist.gov/vuln/detail/CVE-2022-46169
7.8
CVE-2023-23376 - Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability -
Action Due Mar 07, 2023 Target Vendor : Microsoft
Description : Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23376; https://nvd.nist.gov/vuln/detail/CVE-2023-23376
7.8
CVE-2023-21823 - Microsoft Windows Graphic Component Privilege Escalation Vulnerability -
Action Due Mar 07, 2023 Target Vendor : Microsoft
Description : Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21823; https://nvd.nist.gov/vuln/detail/CVE-2023-21823
7.3
CVE-2023-21715 - Microsoft Office Publisher Security Feature Bypass Vulnerability -
Action Due Mar 07, 2023 Target Vendor : Microsoft
Description : Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21715; https://nvd.nist.gov/vuln/detail/CVE-2023-21715
8.8
CVE-2023-23529 - Apple Multiple Products WebKit Type Confusion Vulnerability -
Action Due Mar 07, 2023 Target Vendor : Apple
Description : Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.apple.com/en-us/HT213635, https://support.apple.com/en-us/HT213633, https://support.apple.com/en-us/HT213638; https://nvd.nist.gov/vuln/detail/CVE-2023-23529
7.8
CVE-2015-2291 - Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability -
Action Due Mar 03, 2023 Target Vendor : Intel
Description : Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS).
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00051.html; https://nvd.nist.gov/vuln/detail/CVE-2015-2291
9.8
CVE-2022-24990 - TerraMaster OS Remote Command Execution Vulnerability -
Action Due Mar 03, 2023 Target Vendor : TerraMaster
Description : TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://forum.terra-master.com/en/viewtopic.php?t=3030; https://nvd.nist.gov/vuln/detail/CVE-2022-24990
7.2
CVE-2023-0669 - Fortra GoAnywhere MFT Remote Code Execution Vulnerability -
Action Due Mar 03, 2023 Target Vendor : Fortra
Description : Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : This CVE has a CISA AA located here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a. Please see the AA for associated IOCs. Additional information is available at: https://my.goanywhere.com/webclient/DownloadProductFiles.xhtml. Fortra users must have an account in order to login and access the patch.; https://nvd.nist.gov/vuln/detail/CVE-2023-0669
9.8
CVE-2022-21587 - Oracle E-Business Suite Unspecified Vulnerability -
Action Due Feb 23, 2023 Target Vendor : Oracle
Description : Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://www.oracle.com/security-alerts/cpuoct2022.html; https://nvd.nist.gov/vuln/detail/CVE-2022-21587
8.8
CVE-2023-22952 - Multiple SugarCRM Products Remote Code Execution Vulnerability -
Action Due Feb 23, 2023 Target Vendor : SugarCRM
Description : Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/; https://nvd.nist.gov/vuln/detail/CVE-2023-22952
9.8
CVE-2017-11357 - Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability -
Action Due Feb 16, 2023 Target Vendor : Telerik
Description : Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/asyncupload-insecure-direct-object-reference; https://nvd.nist.gov/vuln/detail/CVE-2017-11357