CISA Known Exploited Vulnerabilities (KEV)
To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.
Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.
8.1
CVE-2017-17562 - Embedthis GoAhead Remote Code Execution Vulnerability -
Action Due Jun 10, 2022 Target Vendor : Embedthis
Description : Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-17562
9.8
CVE-2017-12149 - Red Hat JBoss Application Server Remote Code Execution Vulnerability -
Action Due Jun 10, 2022 Target Vendor : Red Hat
Description : The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-12149
8.8
CVE-2010-1871 - Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability -
Action Due Jun 10, 2022 Target Vendor : Red Hat
Description : JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2010-1871
9.8
CVE-2020-17463 - Fuel CMS SQL Injection Vulnerability -
Action Due Jun 10, 2022 Target Vendor : Fuel CMS
Description : FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-17463
9.1
CVE-2020-8816 - Pi-Hole AdminLTE Remote Code Execution Vulnerability -
Action Due Jun 10, 2022 Target Vendor : Pi-hole
Description : Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8816
9.9
CVE-2019-10758 - MongoDB mongo-express Remote Code Execution Vulnerability -
Action Due Jun 10, 2022 Target Vendor : MongoDB
Description : mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that uses the `toBSON` method.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-10758
9.8
CVE-2019-7238 - Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability -
Action Due Jun 10, 2022 Target Vendor : Sonatype
Description : Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-7238
10.0
CVE-2021-44228 - Apache Log4j2 Remote Code Execution Vulnerability -
Action Due Dec 24, 2021 Target Vendor : Apache
Description : Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution.
Action : For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-44228
9.1
CVE-2018-14847 - MikroTik Router OS Directory Traversal Vulnerability -
Action Due Jun 01, 2022 Target Vendor : MikroTik
Description : MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-14847
9.8
CVE-2021-37415 - Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability -
Action Due Dec 15, 2021 Target Vendor : Zoho
Description : Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-37415
9.0
CVE-2021-40438 - Apache HTTP Server-Side Request Forgery (SSRF) -
Action Due Dec 15, 2021 Target Vendor : Apache
Description : A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-40438
9.8
CVE-2021-44077 - Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability -
Action Due Dec 15, 2021 Target Vendor : Zoho
Description : Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-44077
7.8
CVE-2020-11261 - Qualcomm Multiple Chipsets Improper Input Validation Vulnerability -
Action Due Jun 01, 2022 Target Vendor : Qualcomm
Description : Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-11261
7.8
CVE-2021-22204 - ExifTool Remote Code Execution Vulnerability -
Action Due Dec 01, 2021 Target Vendor : Perl
Description : Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-22204
7.8
CVE-2021-40449 - Microsoft Windows Win32k Privilege Escalation Vulnerability -
Action Due Dec 01, 2021 Target Vendor : Microsoft
Description : Unspecified vulnerability allows for an authenticated user to escalate privileges.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-40449
8.8
CVE-2021-42321 - Microsoft Exchange Server Remote Code Execution Vulnerability -
Action Due Dec 01, 2021 Target Vendor : Microsoft
Description : An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42321
7.8
CVE-2021-42292 - Microsoft Excel Security Feature Bypass -
Action Due Dec 01, 2021 Target Vendor : Microsoft
Description : A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-42292
7.8
CVE-2021-26858 - Microsoft Exchange Server Remote Code Execution Vulnerability -
Action Due Apr 16, 2021 Target Vendor : Microsoft
Description : Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26858
7.5
CVE-2016-3976 - SAP NetWeaver Directory Traversal Vulnerability -
Action Due May 03, 2022 Target Vendor : SAP
Description : SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2016-3976
7.8
CVE-2021-27065 - Microsoft Exchange Server Remote Code Execution Vulnerability -
Action Due Apr 16, 2021 Target Vendor : Microsoft
Description : Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-27065