CISA Known Exploited Vulnerabilities (KEV)
To support the cybersecurity community and help network defenders stay ahead of active threat activity, CISA publishes cisa alert today updates and maintains the authoritative catalog of known exploited vulnerabilities. This KEV database highlights vulnerabilities that have been actively used in real-world attacks, making it an essential resource for security teams aiming to strengthen their defenses.
Organizations should incorporate the KEV catalog into their vulnerability management prioritization framework to ensure they address high-risk issues efficiently and stay aligned with the latest threat intelligence. With frequent updates — including entries marked as cisa kev added today — the catalog enables teams to react quickly to emerging exploitation trends. To streamline monitoring and improve response time, CVEfeed.io provides the freshest CISA KEV additions, delivering real-time visibility into newly identified exploited vulnerabilities and helping organizations maintain accurate, up-to-date security postures.
8.8
CVE-2021-30665 - Apple Multiple Products WebKit Memory Corruption Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30665
8.8
CVE-2021-30661 - Apple Multiple Products WebKit Storage Use-After-Free Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30661
9.8
CVE-2021-1871 - Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-1871
8.8
CVE-2021-30762 - Apple iOS WebKit Use-After-Free Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Apple
Description : Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-30762
9.3
CVE-2018-11776 - Apache Struts Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Apache
Description : Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or wildcard namespace. Or, using URL tag which doesn't have value and action set and in same time, its upper package configuration have no or wildcard namespace.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-11776
10.0
CVE-2017-5638 - Apache Struts Remote Code Execution Vulnerability -
Action Due May 03, 2022 Target Vendor : Apache
Description : Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2017-5638
7.8
CVE-2020-0041 - Android Kernel Out-of-Bounds Write Vulnerability -
Action Due May 03, 2022 Target Vendor : Android
Description : Android Kernel binder_transaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0069 under exploit chain "AbstractEmu."
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Unknown
Notes : https://nvd.nist.gov/vuln/detail/CVE-2020-0041
9.8
CVE-2018-4878 - Adobe Flash Player Use-After-Free Vulnerability -
Action Due May 03, 2022 Target Vendor : Adobe
Description : Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution.
Action : The impacted product is end-of-life and should be disconnected if still in use.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2018-4878
7.8
CVE-2021-27102 - Accellion FTA OS Command Injection Vulnerability -
Action Due Nov 17, 2021 Target Vendor : Accellion
Description : Accellion FTA contains an OS command injection vulnerability exploited via a local web service call.
Action : Apply updates per vendor instructions.
Known To Be Used in Ransomware Campaigns? : Known
Notes : https://nvd.nist.gov/vuln/detail/CVE-2021-27102