CISA Known Exploited Vulnerabilities (KEV)
To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.
Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.
9.3
CVE-2015-2545 - Microsoft Office Malformed EPS File Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description : Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2545
9.3
CVE-2015-2424 - Microsoft PowerPoint Memory Corruption Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description : Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2424
7.8
CVE-2015-2387 - Microsoft ATM Font Driver Privilege Escalation Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description : ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-2387
7.8
CVE-2015-1701 - Microsoft Win32k Privilege Escalation Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description : An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-1701
9.3
CVE-2015-1642 - Microsoft Office Memory Corruption Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description : Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2015-1642
10.0
CVE-2014-0496 - Adobe Reader and Acrobat Use-After-Free Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Adobe
Description : Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2014-0496
7.8
CVE-2013-5065 - Microsoft Windows Kernel Privilege Escalation Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description : Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-5065
10.0
CVE-2013-3346 - Adobe Reader and Acrobat Memory Corruption Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Adobe
Description : Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-3346
6.5
CVE-2013-1675 - Mozilla Firefox Information Disclosure Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Mozilla
Description : Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-1675
9.3
CVE-2013-1347 - Microsoft Internet Explorer Remote Code Execution Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description : This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-1347
9.3
CVE-2013-0641 - Adobe Reader Buffer Overflow Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Adobe
Description : A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-0641
9.3
CVE-2013-0640 - Adobe Reader and Acrobat Memory Corruption Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Adobe
Description : An memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-0640
10.0
CVE-2013-0632 - Adobe ColdFusion Authentication Bypass Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Adobe
Description : An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2013-0632
9.3
CVE-2012-1856 - Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description : The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-1856
10.0
CVE-2012-1723 - Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Oracle
Description : Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Hotspot.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-1723
9.3
CVE-2012-1535 - Adobe Flash Player Arbitrary Code Execution Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Adobe
Description : Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-1535
10.0
CVE-2012-0507 - Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Oracle
Description : An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment allows an attacker to remotely execute arbitrary code.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2012-0507
10.0
CVE-2011-1889 - Microsoft Forefront TMG Remote Code Execution Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description : A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2011-1889
9.3
CVE-2011-0611 - Adobe Flash Player Remote Code Execution Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Adobe
Description : Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2011-0611
9.3
CVE-2010-3333 - Microsoft Office Stack-based Buffer Overflow Vulnerability -
Action Due Mar 24, 2022 Target Vendor : Microsoft
Description : A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-3333