{"metadata": {"count": 1540, "page": 1, "per_page": 100}, "data": [{"uuid": "3ce3cc37-bae9-4b59-8eea-e4d47a9d60ab", "vulnerability": {"vulnId": "CVE-2025-68613", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "3ce3cc37-bae9-4b59-8eea-e4d47a9d60ab"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-11T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-11T00:00:00Z", "recorded_at": "2026-03-11T18:00:01Z", "first_seen_at": "2026-03-11T00:00:00Z"}, "scope": {"notes": "KEV entry: n8n Improper Control of Dynamically-Managed Code Resources Vulnerability | Affected: n8n / n8n | Description: n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp ; https://nvd.nist.gov/vuln/detail/CVE-2025-68613"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-913"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "n8n", "due_date": "2026-03-25", "date_added": "2026-03-11", "vendorProject": "n8n", "vulnerabilityName": "n8n Improper Control of Dynamically-Managed Code Resources Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2025-68613", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-68613"}]}, {"uuid": "6e94730d-17c7-46e9-89a8-ad43bd72438b", "vulnerability": {"vulnId": "CVE-2026-1603", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "6e94730d-17c7-46e9-89a8-ad43bd72438b"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-09T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-09T00:00:00Z", "recorded_at": "2026-03-09T20:00:01Z", "first_seen_at": "2026-03-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability | Affected: Ivanti /  Endpoint Manager (EPM) | Description: Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": " Endpoint Manager (EPM)", "due_date": "2026-03-23", "date_added": "2026-03-09", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2026-1603", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-1603"}]}, {"uuid": "70150c7d-d6de-447e-b47b-c24838ffd8eb", "vulnerability": {"vulnId": "CVE-2025-26399", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "70150c7d-d6de-447e-b47b-c24838ffd8eb"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-09T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-09T00:00:00Z", "recorded_at": "2026-03-09T20:00:01Z", "first_seen_at": "2026-03-09T00:00:00Z"}, "scope": {"notes": "KEV entry: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | Affected: SolarWinds / Web Help Desk | Description: SolarWinds Web Help Desk contain a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 ; https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-26399"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Web Help Desk", "due_date": "2026-03-12", "date_added": "2026-03-09", "vendorProject": "SolarWinds", "vulnerabilityName": "SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2025-26399", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-26399"}]}, {"uuid": "0361e2ef-9298-4c7a-82e3-9876dff4863b", "vulnerability": {"vulnId": "CVE-2021-22054", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "0361e2ef-9298-4c7a-82e3-9876dff4863b"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-09T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-09T00:00:00Z", "recorded_at": "2026-03-09T20:00:01Z", "first_seen_at": "2026-03-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Omnissa Workspace ONE Server-Side Request Forgery | Affected: Omnissa / Workspace One UEM | Description: Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://web.archive.org/web/20211222154335/https://www.vmware.com/security/advisories/VMSA-2021-0029.html ; https://nvd.nist.gov/vuln/detail/CVE-2021-22054"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Workspace One UEM", "due_date": "2026-03-23", "date_added": "2026-03-09", "vendorProject": "Omnissa", "vulnerabilityName": "Omnissa Workspace ONE Server-Side Request Forgery", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2021-22054", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22054"}]}, {"uuid": "b12703a3-d0b6-4b27-9bdb-2ff8b6bcac69", "vulnerability": {"vulnId": "CVE-2023-41974", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "b12703a3-d0b6-4b27-9bdb-2ff8b6bcac69"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-05T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-05T00:00:00Z", "recorded_at": "2026-03-05T20:00:01Z", "first_seen_at": "2026-03-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS and iPadOS Use-After-Free Vulnerability | Affected: Apple / iOS and iPadOS | Description: Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213938 ; https://support.apple.com/kb/HT213938 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41974"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS and iPadOS", "due_date": "2026-03-26", "date_added": "2026-03-05", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS and iPadOS Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2023-41974", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-41974"}]}, {"uuid": "379199da-aea6-4ca8-b09f-48e2998d1109", "vulnerability": {"vulnId": "CVE-2021-30952", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "379199da-aea6-4ca8-b09f-48e2998d1109"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-05T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-05T00:00:00Z", "recorded_at": "2026-03-05T20:00:01Z", "first_seen_at": "2026-03-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Integer Overflow or Wraparound Vulnerability | Affected: Apple / Multiple Products | Description: Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT212975 ; https://support.apple.com/en-us/HT212976 ; https://support.apple.com/en-us/HT212978 ; https://support.apple.com/en-us/HT212980 ; https://support.apple.com/en-us/HT212982 ; https://nvd.nist.gov/vuln/detail/CVE-2021-30952"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-190"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2026-03-26", "date_added": "2026-03-05", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Integer Overflow or Wraparound Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2021-30952", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30952"}]}, {"uuid": "7d532c4e-9269-4754-afbc-fd3d7c022704", "vulnerability": {"vulnId": "CVE-2023-43000", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "7d532c4e-9269-4754-afbc-fd3d7c022704"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-05T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-05T00:00:00Z", "recorded_at": "2026-03-05T20:00:01Z", "first_seen_at": "2026-03-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple products Use-After-Free Vulnerability | Affected: Apple / Multiple Products | Description: Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/120324 ; https://support.apple.com/en-us/120331 ; https://support.apple.com/en-us/120338 ; https://nvd.nist.gov/vuln/detail/CVE-2023-43000"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2026-03-26", "date_added": "2026-03-05", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple products Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2023-43000", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-43000"}]}, {"uuid": "632a9e60-6cf6-423c-b2fd-bf11fe9b16c8", "vulnerability": {"vulnId": "CVE-2021-22681", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "632a9e60-6cf6-423c-b2fd-bf11fe9b16c8"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-05T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-05T00:00:00Z", "recorded_at": "2026-03-05T20:00:01Z", "first_seen_at": "2026-03-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Rockwell Multiple Products Insufficient Protected Credentials Vulnerability | Affected: Rockwell / Multiple Products | Description: Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controllers are communicating with Rockwell Automation design software. If successfully exploited, this vulnerability could allow an unauthorized application to connect with Logix controllers. To leverage this vulnerability, an unauthorized user would require network access to the controller. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers- ; https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22681"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-522"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2026-03-26", "date_added": "2026-03-05", "vendorProject": "Rockwell", "vulnerabilityName": "Rockwell Multiple Products Insufficient Protected Credentials Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2021-22681", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22681"}]}, {"uuid": "e651cd03-3d09-4248-ad89-47ab28588441", "vulnerability": {"vulnId": "CVE-2017-7921", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "e651cd03-3d09-4248-ad89-47ab28588441"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-05T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-05T00:00:00Z", "recorded_at": "2026-03-05T20:00:01Z", "first_seen_at": "2026-03-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Hikvision Multiple Products Improper Authentication Vulnerability | Affected: Hikvision / Multiple Products | Description: Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-7921"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2026-03-26", "date_added": "2026-03-05", "vendorProject": "Hikvision", "vulnerabilityName": "Hikvision Multiple Products Improper Authentication Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2017-7921", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-7921"}]}, {"uuid": "07ee4950-01cf-43fa-a180-c02f8be6535a", "vulnerability": {"vulnId": "CVE-2026-21385", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "07ee4950-01cf-43fa-a180-c02f8be6535a"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-03T00:00:00Z", "recorded_at": "2026-03-03T18:00:01Z", "first_seen_at": "2026-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Qualcomm Multiple Chipsets Memory Corruption Vulnerability | Affected: Qualcomm / Multiple Chipsets | Description: Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation.  | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21385"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-190"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Chipsets", "due_date": "2026-03-24", "date_added": "2026-03-03", "vendorProject": "Qualcomm", "vulnerabilityName": "Qualcomm Multiple Chipsets Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2026-21385", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-21385"}]}, {"uuid": "ce9dac89-1ea9-401b-b75e-65cc2acc5949", "vulnerability": {"vulnId": "CVE-2026-22719", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "ce9dac89-1ea9-401b-b75e-65cc2acc5949"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-03T00:00:00Z", "recorded_at": "2026-03-03T18:00:01Z", "first_seen_at": "2026-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Broadcom VMware Aria Operations Command Injection Vulnerability | Affected: Broadcom / VMware Aria Operations | Description: Broadcom VMware Aria Operations formerly known as vRealize Operations (vROps) contains a command injection vulnerability that allows an unauthenticated attacker to execute arbitrary commands, potentially leading to remote code execution during support\u2011assisted product migration. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ; https://knowledge.broadcom.com/external/article/430349 ; https://nvd.nist.gov/vuln/detail/CVE-2026-22719"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "VMware Aria Operations", "due_date": "2026-03-24", "date_added": "2026-03-03", "vendorProject": "Broadcom", "vulnerabilityName": "Broadcom VMware Aria Operations Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2026-22719", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-22719"}]}, {"uuid": "0036be7f-5d6e-4585-9861-52a8e23b40b6", "vulnerability": {"vulnId": "CVE-2026-20127", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "0036be7f-5d6e-4585-9861-52a8e23b40b6"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-25T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-25T00:00:00Z", "recorded_at": "2026-02-25T17:00:01Z", "first_seen_at": "2026-02-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability | Affected: Cisco / Catalyst SD-WAN Controller and Manager | Description: Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. | Required action: Please adhere to CISA\u2019s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA\u2019s Emergency Directive 26-03 (URL listed below in Notes) and CISA\u2019s \u201cHunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. | Due date: 2026-02-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk ; https://nvd.nist.gov/vuln/detail/CVE-2026-20127"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Catalyst SD-WAN Controller and Manager", "due_date": "2026-02-27", "date_added": "2026-02-25", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2026-20127", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-20127"}]}, {"uuid": "6a297cae-d9dc-4032-980a-580c67ca4ed5", "vulnerability": {"vulnId": "CVE-2022-20775", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "6a297cae-d9dc-4032-980a-580c67ca4ed5"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-25T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-25T00:00:00Z", "recorded_at": "2026-02-25T17:00:01Z", "first_seen_at": "2026-02-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco SD-WAN Path Traversal Vulnerability | Affected: Cisco / SD-WAN | Description: Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | Required action: Please adhere to CISA\u2019s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlines in CISA\u2019s Emergency Directive 26-03 (URL listed below in Notes) and CISA\u2019s \u201cHunt & Hardening Guidance for Cisco SD-WAN Devices (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. | Due date: 2026-02-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-sd-wan-priv-E6e8tEdF.html ; https://nvd.nist.gov/vuln/detail/CVE-2022-20775"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-25", "CWE-282"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SD-WAN", "due_date": "2026-02-27", "date_added": "2026-02-25", "vendorProject": "Cisco", "vulnerabilityName": "Cisco SD-WAN Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2022-20775", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-20775"}]}, {"uuid": "e2dc6e3a-c9f8-44ca-b9e4-162a1344d4e3", "vulnerability": {"vulnId": "CVE-2026-25108", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "e2dc6e3a-c9f8-44ca-b9e4-162a1344d4e3"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-24T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-24T00:00:00Z", "recorded_at": "2026-02-24T19:00:01Z", "first_seen_at": "2026-02-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Soliton Systems K.K FileZen OS Command Injection Vulnerability | Affected: Soliton Systems K.K / FileZen | Description: Soliton Systems K.K FileZen contains an OS command injection vulnerability when an user logs-in to the affected product and sends a specially crafted HTTP request. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://jvn.jp/en/jp/JVN84622767/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-25108"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FileZen", "due_date": "2026-03-17", "date_added": "2026-02-24", "vendorProject": "Soliton Systems K.K", "vulnerabilityName": "Soliton Systems K.K FileZen OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2026-25108", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-25108"}]}, {"uuid": "32cebcd4-a96a-475d-930f-d8f810c1ec94", "vulnerability": {"vulnId": "CVE-2025-68461", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "32cebcd4-a96a-475d-930f-d8f810c1ec94"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-20T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-20T00:00:00Z", "recorded_at": "2026-02-21T20:00:01Z", "first_seen_at": "2026-02-20T00:00:00Z"}, "scope": {"notes": "KEV entry: RoundCube Webmail Cross-site Scripting Vulnerability | Affected: Roundcube / Webmail | Description: RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12 ; https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb ; https://nvd.nist.gov/vuln/detail/CVE-2025-68461"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Webmail", "due_date": "2026-03-13", "date_added": "2026-02-20", "vendorProject": "Roundcube", "vulnerabilityName": "RoundCube Webmail Cross-site Scripting Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2025-68461", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-68461"}]}, {"uuid": "467a6fdf-0fb2-45be-9015-cfc5093fe95a", "vulnerability": {"vulnId": "CVE-2025-49113", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "467a6fdf-0fb2-45be-9015-cfc5093fe95a"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-20T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-20T00:00:00Z", "recorded_at": "2026-02-21T20:00:01Z", "first_seen_at": "2026-02-20T00:00:00Z"}, "scope": {"notes": "KEV entry: RoundCube Webmail Deserialization of Untrusted Data Vulnerability | Affected: Roundcube / Webmail | Description: RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.6.11 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49113"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Webmail", "due_date": "2026-03-13", "date_added": "2026-02-20", "vendorProject": "Roundcube", "vulnerabilityName": "RoundCube Webmail Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2025-49113", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-49113"}]}, {"uuid": "9e0a0302-ad09-427e-aff6-3b1b7b4a35ea", "vulnerability": {"vulnId": "CVE-2026-22769", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "9e0a0302-ad09-427e-aff6-3b1b7b4a35ea"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-18T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-18T00:00:00Z", "recorded_at": "2026-02-19T06:36:58Z", "first_seen_at": "2026-02-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability | Affected: Dell / RecoverPoint for Virtual Machines (RP4VMs) | Description: Dell RecoverPoint for Virtual Machines (RP4VMs) contains an use of hard-coded credentials vulnerability that could allow an unauthenticated remote attacker to gain unauthorized access to the underlying operating system and root-level persistence. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 ; https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa ; https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day ; https://nvd.nist.gov/vuln/detail/CVE-2026-22769"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-798"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "RecoverPoint for Virtual Machines (RP4VMs)", "due_date": "2026-02-21", "date_added": "2026-02-18", "vendorProject": "Dell", "vulnerabilityName": "Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2026-22769", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-22769"}]}, {"uuid": "e699c947-968e-42fa-95b0-8553fe0a78a3", "vulnerability": {"vulnId": "CVE-2021-22175", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "e699c947-968e-42fa-95b0-8553fe0a78a3"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-18T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-18T00:00:00Z", "recorded_at": "2026-02-19T06:36:58Z", "first_seen_at": "2026-02-18T00:00:00Z"}, "scope": {"notes": "KEV entry: GitLab Server-Side Request Forgery (SSRF) Vulnerability | Affected: GitLab / GitLab | Description: GitLab contains a server-side request forgery (SSRF) vulnerability when requests to the internal network for webhooks are enabled. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-11 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json ; https://nvd.nist.gov/vuln/detail/CVE-2021-22175"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "GitLab", "due_date": "2026-03-11", "date_added": "2026-02-18", "vendorProject": "GitLab", "vulnerabilityName": "GitLab Server-Side Request Forgery (SSRF) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2021-22175", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22175"}]}, {"uuid": "ade632ed-df92-486f-80de-4e0f0c7880d1", "vulnerability": {"vulnId": "CVE-2026-2441", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "ade632ed-df92-486f-80de-4e0f0c7880d1"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-17T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-17T00:00:00Z", "recorded_at": "2026-02-18T06:44:35Z", "first_seen_at": "2026-02-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium CSS Use-After-Free Vulnerability | Affected: Google / Chromium | Description: Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-2441"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium", "due_date": "2026-03-10", "date_added": "2026-02-17", "vendorProject": "Google", "vulnerabilityName": "Google Chromium CSS Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2026-2441", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-2441"}]}, {"uuid": "e563fed5-feee-43b8-83ce-b7ba88e67793", "vulnerability": {"vulnId": "CVE-2008-0015", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "e563fed5-feee-43b8-83ce-b7ba88e67793"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-17T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-17T00:00:00Z", "recorded_at": "2026-02-18T06:44:35Z", "first_seen_at": "2026-02-17T00:00:00Z"}, "scope": {"notes": "KEV entry:  Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://web.archive.org/web/20110305211119/https://www.microsoft.com/technet/security/bulletin/ms09-032.mspx ; https://nvd.nist.gov/vuln/detail/CVE-2008-0015"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2026-03-10", "date_added": "2026-02-17", "vendorProject": "Microsoft", "vulnerabilityName": " Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2008-0015", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2008-0015"}]}, {"uuid": "6a0b0e6c-34a8-4b25-b376-a7235d8716d5", "vulnerability": {"vulnId": "CVE-2024-7694", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "6a0b0e6c-34a8-4b25-b376-a7235d8716d5"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-17T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-17T00:00:00Z", "recorded_at": "2026-02-18T06:44:35Z", "first_seen_at": "2026-02-17T00:00:00Z"}, "scope": {"notes": "KEV entry: TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability | Affected: TeamT5 / ThreatSonar Anti-Ransomware | Description: TeamT5 ThreatSonar Anti-Ransomware contains an unrestricted upload of file with dangerous type vulnerability. ThreatSonar Anti-Ransomware does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system commands on the server. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://teamt5.org/en/posts/vulnerability-notice-threat-sonar-anti-ransomware-20240715/ ; https://www.twcert.org.tw/en/cp-139-8000-e5a5c-2.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-7694"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ThreatSonar Anti-Ransomware", "due_date": "2026-03-10", "date_added": "2026-02-17", "vendorProject": "TeamT5", "vulnerabilityName": "TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2024-7694", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-7694"}]}, {"uuid": "3149d83f-5286-4119-826e-a9c509a8c291", "vulnerability": {"vulnId": "CVE-2020-7796", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "3149d83f-5286-4119-826e-a9c509a8c291"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-17T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-17T00:00:00Z", "recorded_at": "2026-02-18T06:44:35Z", "first_seen_at": "2026-02-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability | Affected: Synacor / Zimbra Collaboration Suite | Description: Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP is enabled. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7 ; https://nvd.nist.gov/vuln/detail/CVE-2020-7796"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Zimbra Collaboration Suite", "due_date": "2026-03-10", "date_added": "2026-02-17", "vendorProject": "Synacor", "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-7796", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-7796"}]}, {"uuid": "476a306e-2a29-4830-8026-9169841bf88f", "vulnerability": {"vulnId": "CVE-2026-1731", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "476a306e-2a29-4830-8026-9169841bf88f"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-13T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-13T00:00:00Z", "recorded_at": "2026-02-16T17:38:09Z", "first_seen_at": "2026-02-13T00:00:00Z"}, "scope": {"notes": "KEV entry: BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability | Affected: BeyondTrust / Remote Support (RS) and Privileged Remote Access (PRA) | Description: BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA)contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Please adhere to the vendor's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible BeyondTrust products affected by this vulnerability. For more information please: see: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 ; https://nvd.nist.gov/vuln/detail/CVE-2026-1731"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Remote Support (RS) and Privileged Remote Access (PRA)", "due_date": "2026-02-16", "date_added": "2026-02-13", "vendorProject": "BeyondTrust", "vulnerabilityName": "BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2026-1731", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-1731"}]}, {"uuid": "68077e92-2c8b-4c98-8710-d42de3281ef7", "vulnerability": {"vulnId": "CVE-2025-40536", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "68077e92-2c8b-4c98-8710-d42de3281ef7"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-12T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-12T00:00:00Z", "recorded_at": "2026-02-13T07:17:08Z", "first_seen_at": "2026-02-12T00:00:00Z"}, "scope": {"notes": "KEV entry: SolarWinds Web Help Desk Security Control Bypass Vulnerability | Affected: SolarWinds / Web Help Desk | Description: SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40536"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-693"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Web Help Desk", "due_date": "2026-02-15", "date_added": "2026-02-12", "vendorProject": "SolarWinds", "vulnerabilityName": "SolarWinds Web Help Desk Security Control Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2025-40536", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-40536"}]}, {"uuid": "4e3b6370-7bc8-4fed-b693-bf22ab520644", "vulnerability": {"vulnId": "CVE-2025-15556", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "4e3b6370-7bc8-4fed-b693-bf22ab520644"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-12T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-12T00:00:00Z", "recorded_at": "2026-02-13T07:17:08Z", "first_seen_at": "2026-02-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Notepad++ Download of Code Without Integrity Check Vulnerability | Affected: Notepad++ / Notepad++ | Description: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-494"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Notepad++", "due_date": "2026-03-05", "date_added": "2026-02-12", "vendorProject": "Notepad++", "vulnerabilityName": "Notepad++ Download of Code Without Integrity Check Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2025-15556", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-15556"}]}, {"uuid": "dd4380ef-ef6f-499f-b4d3-d783d9a30991", "vulnerability": {"vulnId": "CVE-2024-43468", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "dd4380ef-ef6f-499f-b4d3-d783d9a30991"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-12T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-12T00:00:00Z", "recorded_at": "2026-02-13T07:17:08Z", "first_seen_at": "2026-02-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Configuration Manager SQL Injection Vulnerability | Affected: Microsoft / Configuration Manager | Description: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Configuration Manager", "due_date": "2026-03-05", "date_added": "2026-02-12", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Configuration Manager SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2024-43468", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-43468"}]}, {"uuid": "453a593e-6c26-4c36-81a2-1d550d822df5", "vulnerability": {"vulnId": "CVE-2026-20700", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "453a593e-6c26-4c36-81a2-1d550d822df5"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-12T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-12T00:00:00Z", "recorded_at": "2026-02-13T07:17:08Z", "first_seen_at": "2026-02-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Buffer Overflow Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write the capability to execute arbitrary code. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2026-03-05", "date_added": "2026-02-12", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2026-20700", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-20700"}]}, {"uuid": "ce6a01c5-06b3-4a88-879e-291082c9b83a", "vulnerability": {"vulnId": "CVE-2026-21514", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "ce6a01c5-06b3-4a88-879e-291082c9b83a"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-10T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-10T00:00:00Z", "recorded_at": "2026-02-11T06:19:47Z", "first_seen_at": "2026-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-807"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2026-03-03", "date_added": "2026-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2026-21514", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-21514"}]}, {"uuid": "0418119d-ccec-41b3-9783-a6d167ec5f18", "vulnerability": {"vulnId": "CVE-2026-21519", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "0418119d-ccec-41b3-9783-a6d167ec5f18"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-10T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-10T00:00:00Z", "recorded_at": "2026-02-11T06:19:47Z", "first_seen_at": "2026-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Type Confusion Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2026-03-03", "date_added": "2026-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2026-21519", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-21519"}]}, {"uuid": "fef467a2-f69a-435a-8901-0b2a8f222634", "vulnerability": {"vulnId": "CVE-2026-21533", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "fef467a2-f69a-435a-8901-0b2a8f222634"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-10T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-10T00:00:00Z", "recorded_at": "2026-02-11T06:19:47Z", "first_seen_at": "2026-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Improper Privilege Management Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2026-03-03", "date_added": "2026-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Improper Privilege Management Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2026-21533", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-21533"}]}, {"uuid": "ee80bea8-8772-48e3-ac25-9db946c084cc", "vulnerability": {"vulnId": "CVE-2026-21510", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "ee80bea8-8772-48e3-ac25-9db946c084cc"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-10T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-10T00:00:00Z", "recorded_at": "2026-02-11T06:19:47Z", "first_seen_at": "2026-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Shell Protection Mechanism Failure Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.  | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510 "}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-693"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2026-03-03", "date_added": "2026-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Shell Protection Mechanism Failure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2026-21510", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-21510"}]}, {"uuid": "4e06bbbb-377e-41da-9408-fe5df1dc658a", "vulnerability": {"vulnId": "CVE-2026-21525", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "4e06bbbb-377e-41da-9408-fe5df1dc658a"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-10T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-10T00:00:00Z", "recorded_at": "2026-02-11T06:19:47Z", "first_seen_at": "2026-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows NULL Pointer Dereference Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-476"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2026-03-03", "date_added": "2026-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows NULL Pointer Dereference Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2026-21525", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-21525"}]}, {"uuid": "8c8230ba-f224-4ce7-bf59-fae3c05a0ef6", "vulnerability": {"vulnId": "CVE-2026-21513", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "8c8230ba-f224-4ce7-bf59-fae3c05a0ef6"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-10T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-10T00:00:00Z", "recorded_at": "2026-02-11T06:19:47Z", "first_seen_at": "2026-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability | Affected: Microsoft / Windows | Description: Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-693"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2026-03-03", "date_added": "2026-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2026-21513", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-21513"}]}, {"uuid": "3aef8df1-c735-48b8-8dd7-06a3c5c42164", "vulnerability": {"vulnId": "CVE-2026-24423", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "3aef8df1-c735-48b8-8dd7-06a3c5c42164"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-05T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-05T00:00:00Z", "recorded_at": "2026-02-06T07:18:58Z", "first_seen_at": "2026-02-05T00:00:00Z"}, "scope": {"notes": "KEV entry: SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability | Affected: SmarterTools / SmarterMail | Description: SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead to command execution.  | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-26 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.smartertools.com/smartermail/release-notes/current ; https://www.cve.org/CVERecord?id=CVE-2026-24423 ; https://nvd.nist.gov/vuln/detail/CVE-2026-24423"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SmarterMail", "due_date": "2026-02-26", "date_added": "2026-02-05", "vendorProject": "SmarterTools", "vulnerabilityName": "SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability", "knownRansomwareCampaignUse": "Known"}}], "references": [{"id": "CVE-2026-24423", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-24423"}]}, {"uuid": "672da480-cb2f-47f7-b973-568fb956a41e", "vulnerability": {"vulnId": "CVE-2025-11953", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "gna": 1, "object_uuid": "672da480-cb2f-47f7-b973-568fb956a41e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-05T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-05T00:00:00Z", "recorded_at": "2026-02-06T07:18:58Z", "first_seen_at": "2026-02-05T00:00:00Z"}, "scope": {"notes": "KEV entry: React Native Community CLI OS Command Injection Vulnerability | Affected: React Native Community / CLI | Description: React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the Metro Development Server and run arbitrary executables via a vulnerable endpoint exposed by the server. On Windows, attackers can also execute arbitrary shell commands with fully controlled arguments. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: ; https://github.com/react-native-community/cli/commit/15089907d1f1301b22c72d7f68846a2ef20df547;https://github.com/react-native-community/cli/pull/2735 ; https://nvd.nist.gov/vuln/detail/CVE-2025-11953"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "CLI", "due_date": "2026-02-26", "date_added": "2026-02-05", "vendorProject": "React Native Community", "vulnerabilityName": "React Native Community CLI OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2025-11953", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-11953"}]}, {"uuid": "4577b5cf-4984-471a-9b66-88042214d56f", "vulnerability": {"vulnId": "CVE-2025-40551", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "4577b5cf-4984-471a-9b66-88042214d56f"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-03T00:00:00Z", "recorded_at": "2026-02-04T08:04:01Z", "first_seen_at": "2026-02-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | Affected: SolarWinds / Web Help Desk | Description: SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40551 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40551"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Web Help Desk", "due_date": "2026-02-06", "date_added": "2026-02-03", "vendorProject": "SolarWinds", "vulnerabilityName": "SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2025-40551", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-40551"}]}, {"uuid": "423c507d-9757-49b9-835c-9654b715e3f9", "vulnerability": {"vulnId": "CVE-2019-19006", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "423c507d-9757-49b9-835c-9654b715e3f9"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-03T00:00:00Z", "recorded_at": "2026-02-04T08:04:01Z", "first_seen_at": "2026-02-03T00:00:00Z"}, "scope": {"notes": "KEV entry:  Sangoma FreePBX Improper Authentication Vulnerability | Affected: Sangoma / FreePBX | Description: Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX admin. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://wiki.freepbx.org/display/FOP/2019-11-20%2BRemote%2BAdmin%2BAuthentication%2BBypass ; https://nvd.nist.gov/vuln/detail/CVE-2019-19006"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FreePBX", "due_date": "2026-02-24", "date_added": "2026-02-03", "vendorProject": "Sangoma", "vulnerabilityName": " Sangoma FreePBX Improper Authentication Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2019-19006", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-19006"}]}, {"uuid": "f03830a2-8211-47ca-adc9-658c834fa5a2", "vulnerability": {"vulnId": "CVE-2025-64328", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "f03830a2-8211-47ca-adc9-658c834fa5a2"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-03T00:00:00Z", "recorded_at": "2026-02-04T08:04:01Z", "first_seen_at": "2026-02-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Sangoma FreePBX OS Command Injection Vulnerability | Affected: Sangoma / FreePBX  | Description: Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to potentially obtain remote access to the system as an asterisk user.  | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/FreePBX/security-reporting/security/advisories/GHSA-vm9p-46mv-5xvw ; https://nvd.nist.gov/vuln/detail/CVE-2025-64328"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FreePBX ", "due_date": "2026-02-24", "date_added": "2026-02-03", "vendorProject": "Sangoma", "vulnerabilityName": "Sangoma FreePBX OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2025-64328", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-64328"}]}, {"uuid": "be91d247-3c62-47b0-94fc-e0ddae52f44c", "vulnerability": {"vulnId": "CVE-2021-39935", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "be91d247-3c62-47b0-94fc-e0ddae52f44c"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-03T00:00:00Z", "recorded_at": "2026-02-04T08:04:01Z", "first_seen_at": "2026-02-03T00:00:00Z"}, "scope": {"notes": "KEV entry: GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability | Affected: GitLab / Community and Enterprise Editions | Description: GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized external users to perform Server Side Requests via the CI Lint API.  | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2021-39935"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Community and Enterprise Editions", "due_date": "2026-02-24", "date_added": "2026-02-03", "vendorProject": "GitLab", "vulnerabilityName": "GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2021-39935", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-39935"}]}, {"uuid": "819b768f-8bd5-4199-9f62-1920e0a260b2", "vulnerability": {"vulnId": "CVE-2020-29583", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "819b768f-8bd5-4199-9f62-1920e0a260b2"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability | Affected: Zyxel / Multiple Products | Description: Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account (\"zyfwp\") with an unchangeable password. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-29583"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-522"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Zyxel", "vulnerabilityName": "Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-29583", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-29583"}]}, {"uuid": "f3947cca-c8c9-42be-aeb5-3d0b96a25e06", "vulnerability": {"vulnId": "CVE-2019-8394", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "f3947cca-c8c9-42be-aeb5-3d0b96a25e06"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability | Affected: Zoho / ManageEngine | Description: Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-8394"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ManageEngine", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Zoho", "vulnerabilityName": "Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2019-8394", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-8394"}]}, {"uuid": "9c45bc9e-6881-4331-be62-65ae992faf6d", "vulnerability": {"vulnId": "CVE-2020-10189", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "9c45bc9e-6881-4331-be62-65ae992faf6d"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Zoho ManageEngine Desktop Central File Upload Vulnerability | Affected: Zoho / ManageEngine | Description: Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-10189"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ManageEngine", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Zoho", "vulnerabilityName": "Zoho ManageEngine Desktop Central File Upload Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-10189", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-10189"}]}, {"uuid": "a92b4eea-f16e-45f2-9e2c-a4f00fa5fd99", "vulnerability": {"vulnId": "CVE-2021-40539", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "a92b4eea-f16e-45f2-9e2c-a4f00fa5fd99"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | Affected: Zoho / ManageEngine | Description: Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-40539"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-55"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ManageEngine", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Zoho", "vulnerabilityName": "Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}], "references": [{"id": "CVE-2021-40539", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-40539"}]}, {"uuid": "3daec85e-6878-4d4f-b497-5914218cb71e", "vulnerability": {"vulnId": "CVE-2021-27561", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "3daec85e-6878-4d4f-b497-5914218cb71e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability | Affected: Yealink / Device Management | Description: Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-27561"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Device Management", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Yealink", "vulnerabilityName": "Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2021-27561", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27561"}]}, {"uuid": "850933f8-408b-47b5-998d-ea5a1625373f", "vulnerability": {"vulnId": "CVE-2019-9978", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "850933f8-408b-47b5-998d-ea5a1625373f"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability | Affected: WordPress / Social Warfare Plugin | Description: WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-9978"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Social Warfare Plugin", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "WordPress", "vulnerabilityName": "WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2019-9978", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-9978"}]}, {"uuid": "1ca55f98-fe3a-4535-b406-5f69be8b2d87", "vulnerability": {"vulnId": "CVE-2020-11738", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "1ca55f98-fe3a-4535-b406-5f69be8b2d87"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: WordPress Snap Creek Duplicator Plugin File Download Vulnerability | Affected: WordPress / Snap Creek Duplicator Plugin | Description: WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their Wordpress dashboard. This vulnerability affects Duplicator and Dulplicator Pro. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-11738"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Snap Creek Duplicator Plugin", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "WordPress", "vulnerabilityName": "WordPress Snap Creek Duplicator Plugin File Download Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-11738", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-11738"}]}, {"uuid": "82b3755e-4b1c-4ad0-ab4c-46c3c7e7c567", "vulnerability": {"vulnId": "CVE-2020-25213", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "82b3755e-4b1c-4ad0-ab4c-46c3c7e7c567"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: WordPress File Manager Plugin Remote Code Execution Vulnerability | Affected: WordPress / File Manager Plugin | Description: WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-25213"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "File Manager Plugin", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "WordPress", "vulnerabilityName": "WordPress File Manager Plugin Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-25213", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-25213"}]}, {"uuid": "2f8661ac-d86b-46a4-8193-21b389ff594e", "vulnerability": {"vulnId": "CVE-2020-4006", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "2f8661ac-d86b-46a4-8193-21b389ff594e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Multiple VMware Products Command Injection Vulnerability | Affected: VMware / Multiple Products | Description: VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-4006"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "VMware", "vulnerabilityName": "Multiple VMware Products Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-4006", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-4006"}]}, {"uuid": "8fa6c497-5fe7-4257-87b7-2c7509f2a4ff", "vulnerability": {"vulnId": "CVE-2021-21985", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "8fa6c497-5fe7-4257-87b7-2c7509f2a4ff"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware vCenter Server Improper Input Validation Vulnerability | Affected: VMware / vCenter Server | Description: VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-21985"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-470", "CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vCenter Server", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "VMware", "vulnerabilityName": "VMware vCenter Server Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Known"}}], "references": [{"id": "CVE-2021-21985", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-21985"}]}, {"uuid": "6dfe25d0-1f9e-4a1a-922c-d3d2eeaee3b1", "vulnerability": {"vulnId": "CVE-2021-21972", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "6dfe25d0-1f9e-4a1a-922c-d3d2eeaee3b1"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware vCenter Server Remote Code Execution Vulnerability | Affected: VMware / vCenter Server | Description: VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-21972"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-23"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vCenter Server", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "VMware", "vulnerabilityName": "VMware vCenter Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}], "references": [{"id": "CVE-2021-21972", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-21972"}]}, {"uuid": "0fa8f6cc-d35c-43b9-97bd-d4da356be60e", "vulnerability": {"vulnId": "CVE-2020-3952", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "0fa8f6cc-d35c-43b9-97bd-d4da356be60e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware vCenter Server Information Disclosure Vulnerability | Affected: VMware / vCenter Server | Description: VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive information. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-3952"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vCenter Server", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "VMware", "vulnerabilityName": "VMware vCenter Server Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-3952", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3952"}]}, {"uuid": "5030e271-a2ec-43a3-9c8a-be1b1985be44", "vulnerability": {"vulnId": "CVE-2021-22005", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "5030e271-a2ec-43a3-9c8a-be1b1985be44"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware vCenter Server File Upload Vulnerability | Affected: VMware / vCenter Server | Description: VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-22005"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-23"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vCenter Server", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "VMware", "vulnerabilityName": "VMware vCenter Server File Upload Vulnerability", "knownRansomwareCampaignUse": "Known"}}], "references": [{"id": "CVE-2021-22005", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22005"}]}, {"uuid": "1f17a6b6-8a54-41c5-a85c-c66c87000690", "vulnerability": {"vulnId": "CVE-2020-3950", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "1f17a6b6-8a54-41c5-a85c-c66c87000690"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware Multiple Products Privilege Escalation Vulnerability | Affected: VMware / Multiple Products | Description: VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-3950"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "VMware", "vulnerabilityName": "VMware Multiple Products Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-3950", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3950"}]}, {"uuid": "bb82a999-e6ea-4328-a873-eb36674501cf", "vulnerability": {"vulnId": "CVE-2020-3992", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "bb82a999-e6ea-4328-a873-eb36674501cf"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware ESXi OpenSLP Use-After-Free Vulnerability | Affected: VMware / ESXi | Description: VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-3992"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ESXi", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "VMware", "vulnerabilityName": "VMware ESXi OpenSLP Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Known"}}], "references": [{"id": "CVE-2020-3992", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3992"}]}, {"uuid": "67ae2bd6-5e78-43ae-b35d-2bb0cfdbb4d3", "vulnerability": {"vulnId": "CVE-2019-5544", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "67ae2bd6-5e78-43ae-b35d-2bb0cfdbb4d3"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability | Affected: VMware / VMware ESXi and Horizon DaaS | Description: VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-5544"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "VMware ESXi and Horizon DaaS", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "VMware", "vulnerabilityName": "VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Known"}}], "references": [{"id": "CVE-2019-5544", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-5544"}]}, {"uuid": "1ebc619b-5356-4c09-9ec9-07935ed74000", "vulnerability": {"vulnId": "CVE-2020-17496", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "1ebc619b-5356-4c09-9ec9-07935ed74000"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: vBulletin PHP Module Remote Code Execution Vulnerability | Affected: vBulletin / vBulletin | Description: The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This CVE ID resolves an incomplete patch for CVE-2019-16759. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-17496"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-74"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vBulletin", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "vBulletin", "vulnerabilityName": "vBulletin PHP Module Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-17496", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-17496"}]}, {"uuid": "7008e941-7eb2-4bcd-a503-6c26613763ca", "vulnerability": {"vulnId": "CVE-2019-16759", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "7008e941-7eb2-4bcd-a503-6c26613763ca"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: vBulletin PHP Module Remote Code Execution Vulnerability | Affected: vBulletin / vBulletin | Description: The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-16759"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vBulletin", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "vBulletin", "vulnerabilityName": "vBulletin PHP Module Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2019-16759", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-16759"}]}, {"uuid": "132ea468-54a9-4dc3-aab3-616beebb9748", "vulnerability": {"vulnId": "CVE-2020-5847", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "132ea468-54a9-4dc3-aab3-616beebb9748"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Unraid Remote Code Execution Vulnerability | Affected: Unraid / Unraid | Description: Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-5847"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Unraid", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Unraid", "vulnerabilityName": "Unraid Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-5847", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-5847"}]}, {"uuid": "c00c3d8d-d9fa-4c6b-b7ae-ced05cfe4afa", "vulnerability": {"vulnId": "CVE-2020-5849", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "c00c3d8d-d9fa-4c6b-b7ae-ced05cfe4afa"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Unraid Authentication Bypass Vulnerability | Affected: Unraid / Unraid | Description: Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-5849"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287", "CWE-697"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Unraid", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Unraid", "vulnerabilityName": "Unraid Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-5849", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-5849"}]}, {"uuid": "58744c2e-e319-4ad4-8906-9bbaa0d55f1c", "vulnerability": {"vulnId": "CVE-2019-20085", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "58744c2e-e319-4ad4-8906-9bbaa0d55f1c"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: TVT NVMS-1000 Directory Traversal Vulnerability | Affected: TVT / NVMS-1000 | Description: TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-20085"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NVMS-1000", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "TVT", "vulnerabilityName": "TVT NVMS-1000 Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2019-20085", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-20085"}]}, {"uuid": "6d5c31ba-4a2f-43de-85e7-17de9d232470", "vulnerability": {"vulnId": "CVE-2021-36741", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "6d5c31ba-4a2f-43de-85e7-17de9d232470"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro Multiple Products Improper Input Validation Vulnerability | Affected: Trend Micro / Apex One, Apex One as a Service, and Worry-Free Business Security | Description: Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://success.trendmicro.com/dcx/s/solution/000287819?language=en_US, https://success.trendmicro.com/dcx/s/solution/000287820?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2021-36741"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Apex One, Apex One as a Service, and Worry-Free Business Security", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro Multiple Products Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2021-36741", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-36741"}]}, {"uuid": "9a1919c5-62df-4609-a453-949df0b0b3fb", "vulnerability": {"vulnId": "CVE-2021-36742", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "9a1919c5-62df-4609-a453-949df0b0b3fb"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro Multiple Products Improper Input Validation Vulnerability | Affected: Trend Micro / Apex One, Apex One as a Service, and Worry-Free Business Security | Description: Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://success.trendmicro.com/dcx/s/solution/000287819?language=en_US, https://success.trendmicro.com/dcx/s/solution/000287820?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2021-36742"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Apex One, Apex One as a Service, and Worry-Free Business Security", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro Multiple Products Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2021-36742", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-36742"}]}, {"uuid": "7074f6db-0ce6-488f-879e-ffe4397a91f0", "vulnerability": {"vulnId": "CVE-2020-8599", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "7074f6db-0ce6-488f-879e-ffe4397a91f0"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability | Affected: Trend Micro / Apex One and OfficeScan | Description: Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-8599"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Apex One and OfficeScan", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-8599", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8599"}]}, {"uuid": "5c2c495d-c874-408b-8091-32cfcb5708d8", "vulnerability": {"vulnId": "CVE-2020-24557", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "5c2c495d-c874-408b-8091-32cfcb5708d8"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro Multiple Products Improper Access Control Vulnerability | Affected: Trend Micro / Apex One, OfficeScan, and Worry-Free Business Security | Description: Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-24557"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Apex One, OfficeScan, and Worry-Free Business Security", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro Multiple Products Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-24557", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-24557"}]}, {"uuid": "9bfa1acf-cfc6-4cd0-a5b1-7606cb3c0b47", "vulnerability": {"vulnId": "CVE-2020-8468", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "9bfa1acf-cfc6-4cd0-a5b1-7606cb3c0b47"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro Multiple Products Content Validation Escape Vulnerability | Affected: Trend Micro / Apex One, OfficeScan and Worry-Free Business Security Agents | Description: Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-8468"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-74"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Apex One, OfficeScan and Worry-Free Business Security Agents", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro Multiple Products Content Validation Escape Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-8468", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8468"}]}, {"uuid": "d5766c00-ba5b-4967-a629-cdac22fe2f67", "vulnerability": {"vulnId": "CVE-2020-8467", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "d5766c00-ba5b-4967-a629-cdac22fe2f67"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability | Affected: Trend Micro / Apex One and OfficeScan | Description: Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-8467"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Apex One and OfficeScan", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-8467", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8467"}]}, {"uuid": "e87890fe-6edc-4610-81ae-88f1421f43a8", "vulnerability": {"vulnId": "CVE-2019-18187", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "e87890fe-6edc-4610-81ae-88f1421f43a8"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro OfficeScan Directory Traversal Vulnerability | Affected: Trend Micro / OfficeScan | Description: Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-18187"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "OfficeScan", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro OfficeScan Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2019-18187", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-18187"}]}, {"uuid": "62c91341-8a1b-4047-8a65-c355b05469b8", "vulnerability": {"vulnId": "CVE-2019-9082", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "62c91341-8a1b-4047-8a65-c355b05469b8"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: ThinkPHP Remote Code Execution Vulnerability | Affected: ThinkPHP / ThinkPHP | Description: ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-9082"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306", "CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ThinkPHP", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "ThinkPHP", "vulnerabilityName": "ThinkPHP Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2019-9082", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-9082"}]}, {"uuid": "f3731dfd-5683-40f8-8aed-10e677f72a37", "vulnerability": {"vulnId": "CVE-2018-20062", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "f3731dfd-5683-40f8-8aed-10e677f72a37"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: ThinkPHP \"noneCms\" Remote Code Execution Vulnerability | Affected: ThinkPHP / noneCms | Description: ThinkPHP \"noneCms\" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-20062"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "noneCms", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "ThinkPHP", "vulnerabilityName": "ThinkPHP \"noneCms\" Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2018-20062", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-20062"}]}, {"uuid": "5308e0ab-b3d1-4141-8dba-a236e1c2c68e", "vulnerability": {"vulnId": "CVE-2018-14558", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "5308e0ab-b3d1-4141-8dba-a236e1c2c68e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability | Affected: Tenda / AC7, AC9, and AC10 Routers | Description: Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability due to  the \"formsetUsbUnload\" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-14558"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "AC7, AC9, and AC10 Routers", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Tenda", "vulnerabilityName": "Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2018-14558", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-14558"}]}, {"uuid": "dac68c8d-67b2-4e34-957d-6942e3e44c11", "vulnerability": {"vulnId": "CVE-2020-10987", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "dac68c8d-67b2-4e34-957d-6942e3e44c11"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability | Affected: Tenda / AC1900 Router AC15 Model | Description: Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-10987"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "AC1900 Router AC15 Model", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Tenda", "vulnerabilityName": "Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-10987", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-10987"}]}, {"uuid": "feb7cbac-5091-49b6-b6a9-be2d50c0796d", "vulnerability": {"vulnId": "CVE-2021-31755", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "feb7cbac-5091-49b6-b6a9-be2d50c0796d"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Tenda AC11 Router Stack Buffer Overflow Vulnerability | Affected: Tenda / AC11 Router | Description: Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-31755"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "AC11 Router", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Tenda", "vulnerabilityName": "Tenda AC11 Router Stack Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2021-31755", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-31755"}]}, {"uuid": "33cab495-95f8-4ee5-af4c-0e11adf42908", "vulnerability": {"vulnId": "CVE-2017-9248", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "33cab495-95f8-4ee5-af4c-0e11adf42908"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability | Affected: Progress / ASP.NET AJAX and Sitefinity | Description: Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-9248"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-522"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ASP.NET AJAX and Sitefinity", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Progress", "vulnerabilityName": "Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2017-9248", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-9248"}]}, {"uuid": "4a4ef3e6-e5ae-467f-a167-fae56512c3f3", "vulnerability": {"vulnId": "CVE-2019-18988", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "4a4ef3e6-e5ae-467f-a167-fae56512c3f3"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: TeamViewer Desktop Bypass Remote Login Vulnerability | Affected: TeamViewer / Desktop | Description: TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended Access password to the system (which allows for remote login to the system). | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-18988"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-521"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Desktop", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "TeamViewer", "vulnerabilityName": "TeamViewer Desktop Bypass Remote Login Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2019-18988", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-18988"}]}, {"uuid": "b0d7b315-2a9b-475a-8b6b-9a800c4539db", "vulnerability": {"vulnId": "CVE-2017-6327", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "b0d7b315-2a9b-475a-8b6b-9a800c4539db"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Symantec Messaging Gateway Remote Code Execution Vulnerability | Affected: Symantec / Symantec Messaging Gateway | Description: Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege escalating actions. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-6327"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Symantec Messaging Gateway", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Symantec", "vulnerabilityName": "Symantec Messaging Gateway Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2017-6327", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-6327"}]}, {"uuid": "869243cd-fbdf-4fd3-8b94-05868bdc96a3", "vulnerability": {"vulnId": "CVE-2020-10181", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "869243cd-fbdf-4fd3-8b94-05868bdc96a3"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Sumavision EMR Cross-Site Request Forgery (CSRF) Vulnerability | Affected: Sumavision / Enhanced Multimedia Router (EMR) | Description: Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges as administrator on a device. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-10181"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-352"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Enhanced Multimedia Router (EMR)", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Sumavision", "vulnerabilityName": "Sumavision EMR Cross-Site Request Forgery (CSRF) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-10181", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-10181"}]}, {"uuid": "dda02550-c9bf-4073-9052-d2767c1d7619", "vulnerability": {"vulnId": "CVE-2020-12271", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "dda02550-c9bf-4073-9052-d2767c1d7619"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Sophos SFOS SQL Injection Vulnerability | Affected: Sophos / SFOS | Description: Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal is exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords). | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-12271"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SFOS", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Sophos", "vulnerabilityName": "Sophos SFOS SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}], "references": [{"id": "CVE-2020-12271", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-12271"}]}, {"uuid": "e3773bc3-7af1-4ceb-a99c-472dd5f7d2d8", "vulnerability": {"vulnId": "CVE-2021-20016", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "e3773bc3-7af1-4ceb-a99c-472dd5f7d2d8"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall SSLVPN SMA100 SQL Injection Vulnerability | Affected: SonicWall / SSLVPN SMA100 | Description: SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-20016"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SSLVPN SMA100", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall SSLVPN SMA100 SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}], "references": [{"id": "CVE-2021-20016", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-20016"}]}, {"uuid": "0aa85098-fe7e-421c-b01d-339de248e3f8", "vulnerability": {"vulnId": "CVE-2021-20023", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "0aa85098-fe7e-421c-b01d-339de248e3f8"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall Email Security Path Traversal Vulnerability | Affected: SonicWall / SonicWall Email Security | Description: SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-20023"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SonicWall Email Security", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall Email Security Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}], "references": [{"id": "CVE-2021-20023", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-20023"}]}, {"uuid": "facc46a1-ecb0-4dac-a1c0-f0d1866bb91f", "vulnerability": {"vulnId": "CVE-2021-20022", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "facc46a1-ecb0-4dac-a1c0-f0d1866bb91f"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall Email Security Unrestricted Upload of File Vulnerability | Affected: SonicWall / SonicWall Email Security | Description: SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-20022"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SonicWall Email Security", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall Email Security Unrestricted Upload of File Vulnerability", "knownRansomwareCampaignUse": "Known"}}], "references": [{"id": "CVE-2021-20022", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-20022"}]}, {"uuid": "09a51604-d64f-4a39-880e-56999123998d", "vulnerability": {"vulnId": "CVE-2019-7481", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "09a51604-d64f-4a39-880e-56999123998d"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall SMA100 SQL Injection Vulnerability | Affected: SonicWall / SMA100 | Description: SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-7481"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SMA100", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall SMA100 SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}], "references": [{"id": "CVE-2019-7481", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-7481"}]}, {"uuid": "e4456d40-0d4c-4f9a-9da6-05f0101bf789", "vulnerability": {"vulnId": "CVE-2021-20021", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "e4456d40-0d4c-4f9a-9da6-05f0101bf789"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall Email Security Improper Privilege Management Vulnerability | Affected: SonicWall / SonicWall Email Security | Description: SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-20021"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SonicWall Email Security", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall Email Security Improper Privilege Management Vulnerability", "knownRansomwareCampaignUse": "Known"}}], "references": [{"id": "CVE-2021-20021", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-20021"}]}, {"uuid": "22faf709-6454-4211-b4e3-cfb84de4d27e", "vulnerability": {"vulnId": "CVE-2020-10199", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "22faf709-6454-4211-b4e3-cfb84de4d27e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Sonatype Nexus Repository Remote Code Execution Vulnerability | Affected: Sonatype / Nexus Repository | Description: Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-10199"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-917"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Nexus Repository", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Sonatype", "vulnerabilityName": "Sonatype Nexus Repository Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-10199", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-10199"}]}, {"uuid": "b561140e-8dd9-43e7-9562-b4af776a014b", "vulnerability": {"vulnId": "CVE-2016-3643", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "b561140e-8dd9-43e7-9562-b4af776a014b"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SolarWinds Virtualization Manager Privilege Escalation Vulnerability | Affected: SolarWinds / Virtualization Manager | Description: SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-3643"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Virtualization Manager", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SolarWinds", "vulnerabilityName": "SolarWinds Virtualization Manager Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2016-3643", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-3643"}]}, {"uuid": "eb2b7865-a421-4559-b37e-aed4ee78c423", "vulnerability": {"vulnId": "CVE-2021-35211", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "eb2b7865-a421-4559-b37e-aed4ee78c423"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SolarWinds Serv-U Remote Code Execution Vulnerability | Affected: SolarWinds / Serv-U | Description: SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-35211"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Serv-U", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "SolarWinds", "vulnerabilityName": "SolarWinds Serv-U Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}], "references": [{"id": "CVE-2021-35211", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-35211"}]}, {"uuid": "3c47408e-1894-4843-a6d9-9af5967620b8", "vulnerability": {"vulnId": "CVE-2020-10148", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "3c47408e-1894-4843-a6d9-9af5967620b8"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SolarWinds Orion Authentication Bypass Vulnerability | Affected: SolarWinds / Orion | Description: SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-10148"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Orion", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SolarWinds", "vulnerabilityName": "SolarWinds Orion Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-10148", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-10148"}]}, {"uuid": "e224b883-a34e-4a02-8e2a-478d2249cc1a", "vulnerability": {"vulnId": "CVE-2019-16256", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "e224b883-a34e-4a02-8e2a-478d2249cc1a"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SIMalliance Toolbox Browser Command Injection Vulnerability | Affected: SIMalliance / Toolbox Browser | Description: SIMalliance Toolbox Browser contains an command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-16256"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Toolbox Browser", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SIMalliance", "vulnerabilityName": "SIMalliance Toolbox Browser Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2019-16256", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-16256"}]}, {"uuid": "066a4188-fd35-4d8e-ac2f-06a3bff9eaa0", "vulnerability": {"vulnId": "CVE-2016-3976", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "066a4188-fd35-4d8e-ac2f-06a3bff9eaa0"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP NetWeaver Directory Traversal Vulnerability | Affected: SAP / NetWeaver | Description: SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-3976"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetWeaver", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SAP", "vulnerabilityName": "SAP NetWeaver Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2016-3976", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-3976"}]}, {"uuid": "e54e5483-3d09-4b62-9943-3ff3be833bb6", "vulnerability": {"vulnId": "CVE-2020-6207", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "e54e5483-3d09-4b62-9943-3ff3be833bb6"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP Solution Manager Missing Authentication for Critical Function Vulnerability | Affected: SAP / Solution Manager | Description: SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-6207"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Solution Manager", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SAP", "vulnerabilityName": "SAP Solution Manager Missing Authentication for Critical Function Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-6207", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-6207"}]}, {"uuid": "1b65712f-04b3-4102-a45a-a3dd5714866e", "vulnerability": {"vulnId": "CVE-2020-6287", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "1b65712f-04b3-4102-a45a-a3dd5714866e"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP NetWeaver Missing Authentication for Critical Function Vulnerability | Affected: SAP / NetWeaver | Description: SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-6287"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetWeaver", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SAP", "vulnerabilityName": "SAP NetWeaver Missing Authentication for Critical Function Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-6287", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-6287"}]}, {"uuid": "30f73b31-c3fa-4be6-b685-ffb359b35e35", "vulnerability": {"vulnId": "CVE-2016-9563", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "30f73b31-c3fa-4be6-b685-ffb359b35e35"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP NetWeaver XML External Entity (XXE) Vulnerability | Affected: SAP / NetWeaver | Description: SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity (XXE) attacks. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-9563"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-611"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetWeaver", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SAP", "vulnerabilityName": "SAP NetWeaver XML External Entity (XXE) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2016-9563", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-9563"}]}, {"uuid": "d6804d7c-c725-464b-a5c6-41d46a8d59fc", "vulnerability": {"vulnId": "CVE-2010-5326", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "d6804d7c-c725-464b-a5c6-41d46a8d59fc"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP NetWeaver Remote Code Execution Vulnerability | Affected: SAP / NetWeaver | Description: SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via a HTTP or HTTPS request. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-5326"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetWeaver", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SAP", "vulnerabilityName": "SAP NetWeaver Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2010-5326", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-5326"}]}, {"uuid": "3d06f017-6572-4eb8-a4ca-1eb703042721", "vulnerability": {"vulnId": "CVE-2018-2380", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "3d06f017-6572-4eb8-a4ca-1eb703042721"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP Customer Relationship Management (CRM) Path Traversal Vulnerability | Affected: SAP / Customer Relationship Management (CRM) | Description: SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-2380"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Customer Relationship Management (CRM)", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SAP", "vulnerabilityName": "SAP Customer Relationship Management (CRM) Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}], "references": [{"id": "CVE-2018-2380", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-2380"}]}, {"uuid": "f9979b12-2398-49a7-ad74-192df58c4139", "vulnerability": {"vulnId": "CVE-2020-16846", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "f9979b12-2398-49a7-ad74-192df58c4139"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SaltStack Salt Shell Injection Vulnerability | Affected: SaltStack / Salt | Description: SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-16846"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Salt", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SaltStack", "vulnerabilityName": "SaltStack Salt Shell Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-16846", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-16846"}]}, {"uuid": "d2ba95e6-fcde-4d18-943a-bd030d0aff30", "vulnerability": {"vulnId": "CVE-2020-11651", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "d2ba95e6-fcde-4d18-943a-bd030d0aff30"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SaltStack Salt Authentication Bypass Vulnerability | Affected: SaltStack / Salt | Description: SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/or run commands on salt minions. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-11651"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Salt", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SaltStack", "vulnerabilityName": "SaltStack Salt Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-11651", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-11651"}]}, {"uuid": "4fd341db-d261-44c5-9891-3f4531b0097b", "vulnerability": {"vulnId": "CVE-2020-11652", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "4fd341db-d261-44c5-9891-3f4531b0097b"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SaltStack Salt Path Traversal Vulnerability | Affected: SaltStack / Salt | Description: SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-11652"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Salt", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SaltStack", "vulnerabilityName": "SaltStack Salt Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-11652", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-11652"}]}, {"uuid": "4619d914-32fd-4c50-9caa-9316a0e61f4a", "vulnerability": {"vulnId": "CVE-2017-16651", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "4619d914-32fd-4c50-9caa-9316a0e61f4a"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Roundcube Webmail File Disclosure Vulnerability | Affected: Roundcube / Roundcube Webmail | Description: Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-16651"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-552"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Roundcube Webmail", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Roundcube", "vulnerabilityName": "Roundcube Webmail File Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2017-16651", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-16651"}]}, {"uuid": "63a0ab2a-278a-4439-834b-ede184c7a942", "vulnerability": {"vulnId": "CVE-2021-35395", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "63a0ab2a-278a-4439-834b-ede184c7a942"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Realtek AP-Router SDK Buffer Overflow Vulnerability | Affected: Realtek / AP-Router SDK | Description: Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-35395"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "AP-Router SDK", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Realtek", "vulnerabilityName": "Realtek AP-Router SDK Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2021-35395", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-35395"}]}, {"uuid": "6a4ef356-5bf0-4f09-883a-0bbae45d159a", "vulnerability": {"vulnId": "CVE-2020-10221", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "6a4ef356-5bf0-4f09-883a-0bbae45d159a"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: rConfig OS Command Injection Vulnerability | Affected: rConfig / rConfig | Description: rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-10221"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "rConfig", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "rConfig", "vulnerabilityName": "rConfig OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2020-10221", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-10221"}]}, {"uuid": "6b034c22-dc95-4e88-9400-c92b8d5191c8", "vulnerability": {"vulnId": "CVE-2021-1905", "altId": []}, "gcve": {"origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60", "object_uuid": "6b034c22-dc95-4e88-9400-c92b8d5191c8"}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Qualcomm Multiple Chipsets Use-After-Free Vulnerability | Affected: Qualcomm / Multiple Chipsets | Description: Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-1905"}, "evidence": [{"type": "vendor_report", "source": "cisa-kev", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Chipsets", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Qualcomm", "vulnerabilityName": "Qualcomm Multiple Chipsets Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}], "references": [{"id": "CVE-2021-1905", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1905"}]}]}