CISA Known Exploited Vulnerabilities (KEV)
To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.
Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.
9.3
CVE-2014-6332 - Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-6332
9.0
CVE-2014-6324 - Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Microsoft
Description : The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-6324
10.0
CVE-2014-6287 - Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Rejetto
Description : The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-6287
8.1
CVE-2014-3120 - Elasticsearch Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Elastic
Description : Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-3120
7.5
CVE-2014-0130 - Ruby on Rails Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Rails
Description : Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-0130
5.4
CVE-2013-5223 - D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability -
Action Due Apr 15, 2022 Target Vendor : D-Link
Description : A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-5223
9.8
CVE-2013-2251 - Apache Struts Improper Input Validation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Apache
Description : Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-2251
9.8
CVE-2012-1823 - PHP-CGI Query String Parameter Vulnerability -
Action Due Apr 15, 2022 Target Vendor : PHP
Description : sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-1823
7.8
CVE-2010-4345 - Exim Privilege Escalation Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Exim
Description : Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-4345
9.8
CVE-2010-4344 - Exim Heap-Based Buffer Overflow Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Exim
Description : Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-4344
7.5
CVE-2010-3035 - Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description : Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-3035
9.8
CVE-2010-2861 - Adobe ColdFusion Directory Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description : A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-2861
4.3
CVE-2009-2055 - Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Cisco
Description : Cisco IOS XR,when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS).
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-2055
9.8
CVE-2009-1151 - phpMyAdmin Remote Code Execution Vulnerability -
Action Due Apr 15, 2022 Target Vendor : phpMyAdmin
Description : Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-1151
9.3
CVE-2009-0927 - Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Adobe
Description : Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2009-0927
9.8
CVE-2022-26318 - WatchGuard Firebox and XTM Appliances Arbitrary Code Execution -
Action Due Apr 15, 2022 Target Vendor : WatchGuard
Description : On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2022-26318
10.0
CVE-2020-9054 - Zyxel Multiple NAS Devices OS Command Injection Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Zyxel
Description : Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-9054
9.8
CVE-2020-1631 - Juniper Junos OS Path Traversal Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Juniper
Description : A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-1631
7.2
CVE-2019-2616 - Oracle BI Publisher Unauthorized Access Vulnerability -
Action Due Apr 15, 2022 Target Vendor : Oracle
Description : Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for authentication bypass.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-2616
9.8
CVE-2019-11043 - PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability -
Action Due Apr 15, 2022 Target Vendor : PHP
Description : In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-11043