CISA Known Exploited Vulnerabilities (KEV)

  1. Home
  2. CISA KEV

To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.

Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.

    9.0

    HIGH
    CVE-2017-6334 - NETGEAR DGN2200 Devices OS Command Injection Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : NETGEAR

    Description : dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6334

    Alert Date: Mar 25, 2022 | 1331 days ago

    10.0

    HIGH
    CVE-2017-6316 - Citrix Multiple Products Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Citrix

    Description : A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also affects XenMobile Server.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6316

    Alert Date: Mar 25, 2022 | 1331 days ago

    10.0

    HIGH
    CVE-2017-3881 - Cisco IOS and IOS XE Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Cisco

    Description : A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-3881

    Alert Date: Mar 25, 2022 | 1331 days ago

    8.1

    HIGH
    CVE-2017-12617 - Apache Tomcat Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Apache

    Description : When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12617

    Alert Date: Mar 25, 2022 | 1331 days ago

    9.3

    HIGH
    CVE-2017-0146 - Microsoft Windows SMB Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Microsoft

    Description : The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Known

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-0146

    Alert Date: Mar 25, 2022 | 1331 days ago

    9.3

    HIGH
    CVE-2016-7892 - Adobe Flash Player Use-After-Free Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Adobe

    Description : Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-7892

    Alert Date: Mar 25, 2022 | 1331 days ago

    10.0

    HIGH
    CVE-2016-4171 - Adobe Flash Player Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Adobe

    Description : Unspecified vulnerability in Adobe Flash Player allows for remote code execution.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-4171

    Alert Date: Mar 25, 2022 | 1331 days ago

    10.0

    HIGH
    CVE-2016-1555 - NETGEAR Multiple WAP Devices Command Injection Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : NETGEAR

    Description : Multiple NETGEAR Wireless Access Point devices allows unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-1555

    Alert Date: Mar 25, 2022 | 1331 days ago

    9.0

    HIGH
    CVE-2016-11021 - D-Link DCS-930L Devices OS Command Injection Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : D-Link

    Description : setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-11021

    Alert Date: Mar 25, 2022 | 1331 days ago

    10.0

    HIGH
    CVE-2016-10174 - NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : NETGEAR

    Description : The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-10174

    Alert Date: Mar 25, 2022 | 1331 days ago

    9.4

    HIGH
    CVE-2015-4068 - Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Arcserve

    Description : Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-4068

    Alert Date: Mar 25, 2022 | 1331 days ago

    7.8

    HIGH
    CVE-2015-3035 - TP-Link Multiple Archer Devices Directory Traversal Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : TP-Link

    Description : Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-3035

    Alert Date: Mar 25, 2022 | 1331 days ago

    9.8

    CRITICAL
    CVE-2015-1427 - Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Elastic

    Description : The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-1427

    Alert Date: Mar 25, 2022 | 1331 days ago

    10.0

    HIGH
    CVE-2015-1187 - D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : D-Link and TRENDnet

    Description : The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution.

    Action : The impacted product is end-of-life and should be disconnected if still in use.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-1187

    Alert Date: Mar 25, 2022 | 1331 days ago

    9.3

    HIGH
    CVE-2014-6332 - Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Microsoft

    Description : OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-6332

    Alert Date: Mar 25, 2022 | 1331 days ago

    9.0

    HIGH
    CVE-2014-6324 - Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Microsoft

    Description : The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-6324

    Alert Date: Mar 25, 2022 | 1331 days ago

    10.0

    HIGH
    CVE-2014-6287 - Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Rejetto

    Description : The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-6287

    Alert Date: Mar 25, 2022 | 1331 days ago

    8.1

    HIGH
    CVE-2014-3120 - Elasticsearch Remote Code Execution Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Elastic

    Description : Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-3120

    Alert Date: Mar 25, 2022 | 1331 days ago

    7.5

    HIGH
    CVE-2014-0130 - Ruby on Rails Directory Traversal Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : Rails

    Description : Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-0130

    Alert Date: Mar 25, 2022 | 1331 days ago

    5.4

    MEDIUM
    CVE-2013-5223 - D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability -

    Action Due Apr 15, 2022 Target Vendor : D-Link

    Description : A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.

    Action : Apply updates per vendor instructions.

    Known To Be Used in Ransomware Campaigns? : Unknown

    Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-5223

    Alert Date: Mar 25, 2022 | 1331 days ago
Showing 20 of 1464 Results

Filters