CISA Known Exploited Vulnerabilities (KEV)
To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.
Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.
10.0
CVE-2021-45382 - D-Link Multiple Routers Remote Code Execution Vulnerability -
Action Due Apr 25, 2022 Target Vendor : D-Link
Description : A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-45382
9.8
CVE-2022-1040 - Sophos Firewall Authentication Bypass Vulnerability -
Action Due Apr 21, 2022 Target Vendor : Sophos
Description : An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-1040
7.8
CVE-2021-34484 - Microsoft Windows User Profile Service Privilege Escalation Vulnerability -
Action Due Apr 21, 2022 Target Vendor : Microsoft
Description : Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-34484
8.8
CVE-2021-21551 - Dell dbutil Driver Insufficient Access Control Vulnerability -
Action Due Apr 21, 2022 Target Vendor : Dell
Description : Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-21551
9.8
CVE-2018-10561 - Dasan GPON Routers Authentication Bypass Vulnerability -
Action Due Apr 21, 2022 Target Vendor : Dasan
Description : Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-10561
9.8
CVE-2022-26871 - Trend Micro Apex Central Arbitrary File Upload Vulnerability -
Action Due Apr 21, 2022 Target Vendor : Trend Micro
Description : An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-26871
10.0
CVE-2021-28799 - QNAP NAS Improper Authorization Vulnerability -
Action Due Apr 21, 2022 Target Vendor : QNAP
Description : QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-28799
9.8
CVE-2018-10562 - Dasan GPON Routers Command Injection Vulnerability -
Action Due Apr 21, 2022 Target Vendor : Dasan
Description : Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-10562
10.0
CVE-2022-0543 - Debian-specific Redis Server Lua Sandbox Escape Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Redis
Description : Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-0543
7.8
CVE-2021-38646 - Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description : Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-38646
7.8
CVE-2021-34486 - Microsoft Windows Event Tracing Privilege Escalation Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description : Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-34486
9.8
CVE-2021-20028 - SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability -
Action Due Apr 18, 2022 Target Vendor : SonicWall
Description : SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-20028
7.5
CVE-2019-7483 - SonicWall SMA100 Directory Traversal Vulnerability -
Action Due Apr 18, 2022 Target Vendor : SonicWall
Description : In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-7483
7.8
CVE-2018-8440 - Microsoft Windows Privilege Escalation Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description : An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8440
7.8
CVE-2018-8406 - Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description : An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8406
7.8
CVE-2018-8405 - Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description : An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8405
7.3
CVE-2017-0213 - Microsoft Windows Privilege Escalation Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description : Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0213
4.3
CVE-2017-0059 - Microsoft Internet Explorer Information Disclosure Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description : Microsoft Internet Explorer allow remote attackers to obtain sensitive information from process memory via a crafted web site.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0059
8.1
CVE-2017-0037 - Microsoft Edge and Internet Explorer Type Confusion Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description : Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0037
8.8
CVE-2016-7200 - Microsoft Edge Memory Corruption Vulnerability -
Action Due Apr 18, 2022 Target Vendor : Microsoft
Description : The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-7200