Known Exploited Vulnerabilities Catalog | CISA (original) (raw)

For the benefit of the cybersecurity community and network defenders—and to help every organization better manage vulnerabilities and keep pace with threat activity—CISA maintains the authoritative source of vulnerabilities that have been exploited in the wild. Organizations should use the KEV catalog as an input to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in these formats:

CSV
JSON
JSON Schema (updated 06-25-2024)
Print View
License

CVE-2020-11023

JQuery Cross-Site Scripting (XSS) Vulnerability: JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

• Date Added: 2025-01-23
• Due Date: 2025-02-13

Additional Notes

CVE-2024-50603

Aviatrix Controllers OS Command Injection Vulnerability: Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

• Date Added: 2025-01-16
• Due Date: 2025-02-06

Additional Notes

Fortinet | FortiOS and FortiProxy

CVE-2024-55591

Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability: Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

• Date Added: 2025-01-14
• Due Date: 2025-01-21

Additional Notes

CVE-2025-21333

Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability: Microsoft Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow vulnerability that allows a local attacker to gain SYSTEM privileges.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

• Date Added: 2025-01-14
• Due Date: 2025-02-04

Additional Notes

CVE-2025-21334

Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability: Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

• Date Added: 2025-01-14
• Due Date: 2025-02-04

Additional Notes

CVE-2025-21335

Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability: Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

• Date Added: 2025-01-14
• Due Date: 2025-02-04

Additional Notes

BeyondTrust | Privileged Remote Access (PRA) and Remote Support (RS)

CVE-2024-12686

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability: BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to execute underlying operating system commands within the context of the site user.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

• Date Added: 2025-01-13
• Due Date: 2025-02-03

Additional Notes

CVE-2023-48365

Qlik Sense HTTP Tunneling Vulnerability: Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

• Date Added: 2025-01-13
• Due Date: 2025-02-03

Additional Notes

Ivanti | Connect Secure, Policy Secure, and ZTA Gateways

CVE-2025-0282

Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability: Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service.

• Date Added: 2025-01-08
• Due Date: 2025-01-15

Additional Notes

CVE-2024-41713

Mitel MiCollab Path Traversal Vulnerability: Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

• Date Added: 2025-01-07
• Due Date: 2025-01-28

Additional Notes

CVE-2024-55550

Mitel MiCollab Path Traversal Vulnerability: Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

• Date Added: 2025-01-07
• Due Date: 2025-01-28

Additional Notes

CVE-2020-2883

Oracle WebLogic Server Unspecified Vulnerability: Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

• Date Added: 2025-01-07
• Due Date: 2025-01-28

Additional Notes

Palo Alto Networks | PAN-OS

CVE-2024-3393

Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability: Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

• Date Added: 2024-12-30
• Due Date: 2025-01-20

Additional Notes

Acclaim Systems | USAHERDS

CVE-2021-44207

Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability : Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs the application. The MachineKey must be obtained via a separate vulnerability or other channel.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Please contact the product developer for support and vulnerability mitigation.

• Date Added: 2024-12-23
• Due Date: 2025-01-13

Additional Notes

BeyondTrust | Privileged Remote Access (PRA) and Remote Support (RS)

CVE-2024-12356

BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability : BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user.

Known To Be Used in Ransomware Campaigns? Unknown

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

• Date Added: 2024-12-19
• Due Date: 2024-12-27

Additional Notes

CVE-2018-14933

NUUO NVRmini Devices OS Command Injection Vulnerability : NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

• Date Added: 2024-12-18
• Due Date: 2025-01-08

Additional Notes

CVE-2022-23227

NUUO NVRmini2 Devices Missing Authentication Vulnerability : NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product.

• Date Added: 2024-12-18
• Due Date: 2025-01-08

Additional Notes

Reolink | Multiple IP Cameras

CVE-2019-11001

Reolink Multiple IP Cameras OS Command Injection Vulnerability: Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the "TestEmail" functionality to inject and run OS commands as root.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.

• Date Added: 2024-12-18
• Due Date: 2025-01-08

Additional Notes

Reolink | RLC-410W IP Camera

CVE-2021-40407

Reolink RLC-410W IP Camera OS Command Injection Vulnerability : Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality.

Known To Be Used in Ransomware Campaigns? Unknown

Action: The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable.

• Date Added: 2024-12-18
• Due Date: 2025-01-08

Additional Notes

CVE-2024-55956

Cleo Multiple Products Unauthenticated File Upload Vulnerability: Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory.

Known To Be Used in Ransomware Campaigns? Known

Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

• Date Added: 2024-12-17
• Due Date: 2025-01-07

Additional Notes

Subscribe to the KEV Catalog Updates

Stay up to date on the latest known exploited vulnerabilities.

Subscribe Now