CISA Known Exploited Vulnerabilities (KEV)
To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.
Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.
10.0
CVE-2020-8599 - Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability -
Action Due May 03, 2022 Target Vendor : Trend Micro
Description : Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8599
8.8
CVE-2020-8468 - Trend Micro Multiple Products Content Validation Escape Vulnerability -
Action Due May 03, 2022 Target Vendor : Trend Micro
Description : Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8468
8.8
CVE-2020-8467 - Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Trend Micro
Description : Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-8467
8.8
CVE-2019-18187 - Trend Micro OfficeScan Directory Traversal Vulnerability -
Action Due May 03, 2022 Target Vendor : Trend Micro
Description : Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-18187
9.3
CVE-2019-9082 - ThinkPHP Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : ThinkPHP
Description : ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2019-9082
9.8
CVE-2018-20062 - ThinkPHP "noneCms" Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : ThinkPHP
Description : ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-20062
10.0
CVE-2018-14558 - Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability -
Action Due May 03, 2022 Target Vendor : Tenda
Description : Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to the "formsetUsbUnload" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-14558
10.0
CVE-2020-10987 - Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Tenda
Description : Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-10987
10.0
CVE-2021-31755 - Tenda AC11 Router Stack Buffer Overflow Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Tenda
Description : Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-31755
9.8
CVE-2017-9248 - Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability -
Action Due May 03, 2022 Target Vendor : Progress
Description : Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-9248
8.8
CVE-2017-6327 - Symantec Messaging Gateway Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Symantec
Description : Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege escalating actions.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-6327
10.0
CVE-2021-27104 - Accellion FTA OS Command Injection Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Accellion
Description : Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27104
7.8
CVE-2021-27102 - Accellion FTA OS Command Injection Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Accellion
Description : Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27102
9.8
CVE-2018-4878 - Adobe Flash Player Use-After-Free Vulnerability -
Action Due May 03, 2022 Target Vendor : Adobe
Description : Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-4878
7.8
CVE-2020-0041 - Android Kernel Out-of-Bounds Write Vulnerability -
Action Due May 03, 2022 Target Vendor : Android
Description : Android Kernel binder_transaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0069 under exploit chain "AbstractEmu."
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-0041
10.0
CVE-2017-5638 - Apache Struts Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Apache
Description : Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-5638
9.3
CVE-2018-11776 - Apache Struts Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Apache
Description : Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or wildcard namespace. Or, using URL tag which doesn't have value and action set and in same time, its upper package configuration have no or wildcard namespace.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-11776
8.8
CVE-2021-30762 - Apple iOS WebKit Use-After-Free Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30762
9.8
CVE-2021-1871 - Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-1871
8.8
CVE-2021-30661 - Apple Multiple Products WebKit Storage Use-After-Free Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30661