CISA Known Exploited Vulnerabilities (KEV)
To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.
Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.
9.0
CVE-2020-1956 - Apache Kylin OS Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Apache
Description : Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-1956
10.0
CVE-2020-2021 - Palo Alto Networks PAN-OS Authentication Bypass Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Palo Alto Networks
Description : Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-2021
9.8
CVE-2022-26143 - MiCollab, MiVoice Business Express Access Control Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Mitel
Description : A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-26143
7.8
CVE-2022-21999 - Microsoft Windows Print Spooler Privilege Escalation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-21999
10.0
CVE-2021-42237 - Sitecore XP Remote Command Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Sitecore
Description : Sitcore XP contains an insecure deserialization vulnerability which can allow for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42237
10.0
CVE-2021-22941 - Citrix ShareFile Improper Access Control Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Citrix
Description : Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22941
8.8
CVE-2020-9377 - D-Link DIR-610 Devices Remote Command Execution -
Action Due Apr 15, 2022 Target Vendor : D-Link
Description : D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-9377
10.0
CVE-2020-7247 - OpenSMTPD Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : OpenBSD
Description : smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-7247
7.5
CVE-2020-5410 - VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : VMware Tanzu
Description : Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-5410
10.0
CVE-2020-25223 - Sophos SG UTM Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Sophos
Description : A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-25223
9.8
CVE-2020-2506 - QNAP Helpdesk Improper Access Control Vulnerability -
Action Due Apr 15, 2022 Target Vendor : QNAP Systems
Description : QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-2506
8.1
CVE-2019-6340 - Drupal Core Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Drupal
Description : In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-6340
10.0
CVE-2019-16920 - D-Link Multiple Routers Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : D-Link
Description : Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-16920
10.0
CVE-2019-15107 - Webmin Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Webmin
Description : An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-15107
9.0
CVE-2019-12991 - Citrix SD-WAN and NetScaler Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Citrix
Description : Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-12991
9.8
CVE-2019-12989 - Citrix SD-WAN and NetScaler SQL Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Citrix
Description : Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-12989
9.8
CVE-2019-10068 - Kentico Xperience Deserialization of Untrusted Data Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Kentico
Description : Kentico contains a failure to validate security headers. This deserialization can led to unauthenticated remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-10068
9.9
CVE-2019-1003030 - Jenkins Matrix Project Plugin Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Jenkins
Description : Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-1003030
9.3
CVE-2019-0903 - Microsoft GDI Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-0903
9.3
CVE-2018-8414 - Microsoft Windows Shell Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-8414