{"uuid": "3ce3cc37-bae9-4b59-8eea-e4d47a9d60ab", "vulnerability": {"vulnId": "CVE-2025-68613", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-11T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "3ce3cc37-bae9-4b59-8eea-e4d47a9d60ab", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-11T00:00:00Z", "recorded_at": "2026-03-11T18:00:01Z", "first_seen_at": "2026-03-11T00:00:00Z"}, "scope": {"notes": "KEV entry: n8n Improper Control of Dynamically-Managed Code Resources Vulnerability | Affected: n8n / n8n | Description: n8n contains an improper control of dynamically managed code resources vulnerability in its workflow expression evaluation system that allows for remote code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/n8n-io/n8n/security/advisories/GHSA-v98v-ff95-f3cp ; https://nvd.nist.gov/vuln/detail/CVE-2025-68613"}, "references": [{"id": "CVE-2025-68613", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-68613"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-913"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "n8n", "due_date": "2026-03-25", "date_added": "2026-03-11", "vendorProject": "n8n", "vulnerabilityName": "n8n Improper Control of Dynamically-Managed Code Resources Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6e94730d-17c7-46e9-89a8-ad43bd72438b", "vulnerability": {"vulnId": "CVE-2026-1603", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-09T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "6e94730d-17c7-46e9-89a8-ad43bd72438b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-09T00:00:00Z", "recorded_at": "2026-03-09T20:00:01Z", "first_seen_at": "2026-03-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability | Affected: Ivanti /  Endpoint Manager (EPM) | Description: Ivanti Endpoint Manager (EPM) contains an authentication bypass using an alternate path or channel vulnerability that could allow a remote unauthenticated attacker to leak specific stored credential data. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://hub.ivanti.com/s/article/Security-Advisory-EPM-February-2026-for-EPM-2024?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2026-1603"}, "references": [{"id": "CVE-2026-1603", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-1603"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": " Endpoint Manager (EPM)", "due_date": "2026-03-23", "date_added": "2026-03-09", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Endpoint Manager (EPM) Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "70150c7d-d6de-447e-b47b-c24838ffd8eb", "vulnerability": {"vulnId": "CVE-2025-26399", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-09T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "70150c7d-d6de-447e-b47b-c24838ffd8eb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-09T00:00:00Z", "recorded_at": "2026-03-09T20:00:01Z", "first_seen_at": "2026-03-09T00:00:00Z"}, "scope": {"notes": "KEV entry: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | Affected: SolarWinds / Web Help Desk | Description: SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability in AjaxProxy that could allow an attacker to run commands on the host machine. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.solarwinds.com/trust-center/security-advisories/cve-2025-26399 ; https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_12-8-7-hotfix-1_release_notes.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-26399"}, "references": [{"id": "CVE-2025-26399", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-26399"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Web Help Desk", "due_date": "2026-03-12", "date_added": "2026-03-09", "vendorProject": "SolarWinds", "vulnerabilityName": "SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0361e2ef-9298-4c7a-82e3-9876dff4863b", "vulnerability": {"vulnId": "CVE-2021-22054", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-09T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "0361e2ef-9298-4c7a-82e3-9876dff4863b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-09T00:00:00Z", "recorded_at": "2026-03-09T20:00:01Z", "first_seen_at": "2026-03-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Omnissa Workspace ONE Server-Side Request Forgery | Affected: Omnissa / Workspace One UEM | Description: Omnissa Workspace One UEM formerly known as VMware Workspace One UEM contains a server-side request forgery (SSRF) vulnerability that could allow a malicious actor with network access to UEM to send their requests without authentication and to gain access to sensitive information. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://web.archive.org/web/20211222154335/https://www.vmware.com/security/advisories/VMSA-2021-0029.html ; https://nvd.nist.gov/vuln/detail/CVE-2021-22054"}, "references": [{"id": "CVE-2021-22054", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22054"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Workspace One UEM", "due_date": "2026-03-23", "date_added": "2026-03-09", "vendorProject": "Omnissa", "vulnerabilityName": "Omnissa Workspace ONE Server-Side Request Forgery", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7d532c4e-9269-4754-afbc-fd3d7c022704", "vulnerability": {"vulnId": "CVE-2023-43000", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-05T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "7d532c4e-9269-4754-afbc-fd3d7c022704", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-05T00:00:00Z", "recorded_at": "2026-03-05T20:00:01Z", "first_seen_at": "2026-03-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple products Use-After-Free Vulnerability | Affected: Apple / Multiple Products | Description: Apple macOS, iOS, iPadOS, and Safari 16.6 contain a use-after-free vulnerability due to the processing of maliciously crafted web content that may lead to memory corruption. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/120324 ; https://support.apple.com/en-us/120331 ; https://support.apple.com/en-us/120338 ; https://nvd.nist.gov/vuln/detail/CVE-2023-43000"}, "references": [{"id": "CVE-2023-43000", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-43000"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2026-03-26", "date_added": "2026-03-05", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple products Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "379199da-aea6-4ca8-b09f-48e2998d1109", "vulnerability": {"vulnId": "CVE-2021-30952", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-05T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "379199da-aea6-4ca8-b09f-48e2998d1109", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-05T00:00:00Z", "recorded_at": "2026-03-05T20:00:01Z", "first_seen_at": "2026-03-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Integer Overflow or Wraparound Vulnerability | Affected: Apple / Multiple Products | Description: Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. \n| Due date: 2026-03-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT212975 ; https://support.apple.com/en-us/HT212976 ; https://support.apple.com/en-us/HT212978 ; https://support.apple.com/en-us/HT212980 ; https://support.apple.com/en-us/HT212982 ; https://nvd.nist.gov/vuln/detail/CVE-2021-30952"}, "references": [{"id": "CVE-2021-30952", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30952"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-190"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2026-03-26", "date_added": "2026-03-05", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Integer Overflow or Wraparound Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e651cd03-3d09-4248-ad89-47ab28588441", "vulnerability": {"vulnId": "CVE-2017-7921", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-05T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "e651cd03-3d09-4248-ad89-47ab28588441", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-05T00:00:00Z", "recorded_at": "2026-03-05T20:00:01Z", "first_seen_at": "2026-03-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Hikvision Multiple Products Improper Authentication Vulnerability | Affected: Hikvision / Multiple Products | Description: Multiple Hikvision products contain an improper authentication vulnerability that could allow a malicious user to escalate privileges on the system and gain access to sensitive information. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.hikvision.com/us-en/support/document-center/special-notices/privilege-escalating-vulnerability-in-certain-hikvision-ip-cameras/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-7921"}, "references": [{"id": "CVE-2017-7921", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-7921"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2026-03-26", "date_added": "2026-03-05", "vendorProject": "Hikvision", "vulnerabilityName": "Hikvision Multiple Products Improper Authentication Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "632a9e60-6cf6-423c-b2fd-bf11fe9b16c8", "vulnerability": {"vulnId": "CVE-2021-22681", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-05T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "632a9e60-6cf6-423c-b2fd-bf11fe9b16c8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-05T00:00:00Z", "recorded_at": "2026-03-05T20:00:01Z", "first_seen_at": "2026-03-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Rockwell Multiple Products Insufficient Protected Credentials Vulnerability | Affected: Rockwell / Multiple Products | Description: Multiple Rockwell products contain an insufficient protected credentials vulnerability. Studio 5000 Logix Designer software may allow a key to be discovered. This key is used to verify Logix controllers are communicating with Rockwell Automation design software. If successfully exploited, this vulnerability could allow an unauthorized application to connect with Logix controllers. To leverage this vulnerability, an unauthorized user would require network access to the controller. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. \n| Due date: 2026-03-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.rockwellautomation.com/app/answers/answer_view/a_id/1130301/~/cve-2021-22681%3A-authentication-bypass-vulnerability-found-in-logix-controllers- ; https://www.cisa.gov/news-events/ics-advisories/icsa-21-056-03 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22681"}, "references": [{"id": "CVE-2021-22681", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22681"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-522"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2026-03-26", "date_added": "2026-03-05", "vendorProject": "Rockwell", "vulnerabilityName": "Rockwell Multiple Products Insufficient Protected Credentials Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b12703a3-d0b6-4b27-9bdb-2ff8b6bcac69", "vulnerability": {"vulnId": "CVE-2023-41974", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-05T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "b12703a3-d0b6-4b27-9bdb-2ff8b6bcac69", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-05T00:00:00Z", "recorded_at": "2026-03-05T20:00:01Z", "first_seen_at": "2026-03-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS and iPadOS Use-After-Free Vulnerability | Affected: Apple / iOS and iPadOS | Description: Apple iOS and iPadOS contain a use-after-free vulnerability. An app may be able to execute arbitrary code with kernel privileges. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213938 ; https://support.apple.com/kb/HT213938 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41974"}, "references": [{"id": "CVE-2023-41974", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-41974"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS and iPadOS", "due_date": "2026-03-26", "date_added": "2026-03-05", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS and iPadOS Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ce9dac89-1ea9-401b-b75e-65cc2acc5949", "vulnerability": {"vulnId": "CVE-2026-22719", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-03T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "ce9dac89-1ea9-401b-b75e-65cc2acc5949", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-03T00:00:00Z", "recorded_at": "2026-03-03T18:00:01Z", "first_seen_at": "2026-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Broadcom VMware Aria Operations Command Injection Vulnerability | Affected: Broadcom / VMware Aria Operations | Description: Broadcom VMware Aria Operations formerly known as vRealize Operations (vROps) contains a command injection vulnerability that allows an unauthenticated attacker to execute arbitrary commands, potentially leading to remote code execution during support\u2011assisted product migration. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. \n| Due date: 2026-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36947 ; https://knowledge.broadcom.com/external/article/430349 ; https://nvd.nist.gov/vuln/detail/CVE-2026-22719"}, "references": [{"id": "CVE-2026-22719", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-22719"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "VMware Aria Operations", "due_date": "2026-03-24", "date_added": "2026-03-03", "vendorProject": "Broadcom", "vulnerabilityName": "Broadcom VMware Aria Operations Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "07ee4950-01cf-43fa-a180-c02f8be6535a", "vulnerability": {"vulnId": "CVE-2026-21385", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-03-03T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "07ee4950-01cf-43fa-a180-c02f8be6535a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-03-03T00:00:00Z", "recorded_at": "2026-03-03T18:00:01Z", "first_seen_at": "2026-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Qualcomm Multiple Chipsets Memory Corruption Vulnerability | Affected: Qualcomm / Multiple Chipsets | Description: Multiple Qualcomm chipsets contain a memory corruption vulnerability while using alignments for memory allocation.  | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://source.android.com/docs/security/bulletin/2026/2026-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21385"}, "references": [{"id": "CVE-2026-21385", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-21385"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-190"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Chipsets", "due_date": "2026-03-24", "date_added": "2026-03-03", "vendorProject": "Qualcomm", "vulnerabilityName": "Qualcomm Multiple Chipsets Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0036be7f-5d6e-4585-9861-52a8e23b40b6", "vulnerability": {"vulnId": "CVE-2026-20127", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-25T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "0036be7f-5d6e-4585-9861-52a8e23b40b6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-25T00:00:00Z", "recorded_at": "2026-02-25T17:00:01Z", "first_seen_at": "2026-02-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability | Affected: Cisco / Catalyst SD-WAN Controller and Manager | Description: Cisco Catalyst SD-WAN Controller, formerly SD-WAN vSmart, and Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, contain an authentication bypass vulnerability that could allow an unauthenticated, remote attacker to bypass authentication and obtain administrative privileges on an affected system. This vulnerability exists because the peering authentication mechanism in an affected system is not working properly. An attacker could exploit this vulnerability by sending crafted requests to an affected system. A successful exploit could allow the attacker to log in to an affected Cisco Catalyst SD-WAN Controller as an internal, high-privileged, non-root user account. Using this account, the attacker could access NETCONF, which would then allow the attacker to manipulate network configuration for the SD-WAN fabric. | Required action: Please adhere to CISA\u2019s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA\u2019s Emergency Directive 26-03 (URL listed below in Notes) and CISA\u2019s \u201cHunt & Hardening Guidance for Cisco SD-WAN Devices\u201d (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. \n| Due date: 2026-02-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-rpa-EHchtZk ; https://nvd.nist.gov/vuln/detail/CVE-2026-20127"}, "references": [{"id": "CVE-2026-20127", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-20127"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Catalyst SD-WAN Controller and Manager", "due_date": "2026-02-27", "date_added": "2026-02-25", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Catalyst SD-WAN Controller and Manager Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6a297cae-d9dc-4032-980a-580c67ca4ed5", "vulnerability": {"vulnId": "CVE-2022-20775", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-25T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "6a297cae-d9dc-4032-980a-580c67ca4ed5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-25T00:00:00Z", "recorded_at": "2026-02-25T17:00:01Z", "first_seen_at": "2026-02-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco SD-WAN Path Traversal Vulnerability | Affected: Cisco / SD-WAN | Description: Cisco SD-WAN CLI contains a path traversal vulnerability that could allow an authenticated local attacker to gain elevated privileges via improper access controls on commands within the application CLI. A successful exploit could allow the attacker to execute arbitrary commands as the root user. | Required action: Please adhere to CISA\u2019s guidelines to assess exposure and mitigate risks associated with Cisco SD-WAN devices as outlined in CISA\u2019s Emergency Directive 26-03 (URL listed below in Notes) and CISA\u2019s \u201cHunt & Hardening Guidance for Cisco SD-WAN Devices\u201d (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. \n| Due date: 2026-02-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-26-03-mitigate-vulnerabilities-cisco-sd-wan-systems ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-26-03-hunt-and-hardening-guidance-cisco-sd-wan-systems ; https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-sd-wan-priv-E6e8tEdF.html ; https://nvd.nist.gov/vuln/detail/CVE-2022-20775"}, "references": [{"id": "CVE-2022-20775", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-20775"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-25", "CWE-282"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SD-WAN", "due_date": "2026-02-27", "date_added": "2026-02-25", "vendorProject": "Cisco", "vulnerabilityName": "Cisco SD-WAN Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e2dc6e3a-c9f8-44ca-b9e4-162a1344d4e3", "vulnerability": {"vulnId": "CVE-2026-25108", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-24T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "e2dc6e3a-c9f8-44ca-b9e4-162a1344d4e3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-24T00:00:00Z", "recorded_at": "2026-02-24T19:00:01Z", "first_seen_at": "2026-02-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Soliton Systems K.K FileZen OS Command Injection Vulnerability | Affected: Soliton Systems K.K / FileZen | Description: Soliton Systems K.K FileZen contains an OS command injection vulnerability when a user logs in to the affected product and sends a specially crafted HTTP request. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://jvn.jp/en/jp/JVN84622767/ ; https://nvd.nist.gov/vuln/detail/CVE-2026-25108"}, "references": [{"id": "CVE-2026-25108", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-25108"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FileZen", "due_date": "2026-03-17", "date_added": "2026-02-24", "vendorProject": "Soliton Systems K.K", "vulnerabilityName": "Soliton Systems K.K FileZen OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "32cebcd4-a96a-475d-930f-d8f810c1ec94", "vulnerability": {"vulnId": "CVE-2025-68461", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-20T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "32cebcd4-a96a-475d-930f-d8f810c1ec94", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-20T00:00:00Z", "recorded_at": "2026-02-21T20:00:01Z", "first_seen_at": "2026-02-20T00:00:00Z"}, "scope": {"notes": "KEV entry: RoundCube Webmail Cross-site Scripting Vulnerability | Affected: Roundcube / Webmail | Description: RoundCube Webmail contains a cross-site scripting vulnerability via the animate tag in an SVG document. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://roundcube.net/news/2025/12/13/security-updates-1.6.12-and-1.5.12 ; https://github.com/roundcube/roundcubemail/commit/bfa032631c36b900e7444dfa278340b33cbf7cdb ; https://nvd.nist.gov/vuln/detail/CVE-2025-68461"}, "references": [{"id": "CVE-2025-68461", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-68461"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Webmail", "due_date": "2026-03-13", "date_added": "2026-02-20", "vendorProject": "Roundcube", "vulnerabilityName": "RoundCube Webmail Cross-site Scripting Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "467a6fdf-0fb2-45be-9015-cfc5093fe95a", "vulnerability": {"vulnId": "CVE-2025-49113", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-20T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "467a6fdf-0fb2-45be-9015-cfc5093fe95a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-20T00:00:00Z", "recorded_at": "2026-02-21T20:00:01Z", "first_seen_at": "2026-02-20T00:00:00Z"}, "scope": {"notes": "KEV entry: RoundCube Webmail Deserialization of Untrusted Data Vulnerability | Affected: Roundcube / Webmail | Description: RoundCube Webmail contains a deserialization of untrusted data vulnerability that allows remote code execution by authenticated users because the _from parameter in a URL is not validated in program/actions/settings/upload.php. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://roundcube.net/news/2025/06/01/security-updates-1.6.11-and-1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.5.10 ; https://github.com/roundcube/roundcubemail/releases/tag/1.6.11 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49113"}, "references": [{"id": "CVE-2025-49113", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-49113"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Webmail", "due_date": "2026-03-13", "date_added": "2026-02-20", "vendorProject": "Roundcube", "vulnerabilityName": "RoundCube Webmail Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9e0a0302-ad09-427e-aff6-3b1b7b4a35ea", "vulnerability": {"vulnId": "CVE-2026-22769", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-18T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "9e0a0302-ad09-427e-aff6-3b1b7b4a35ea", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-18T00:00:00Z", "recorded_at": "2026-02-19T06:36:58Z", "first_seen_at": "2026-02-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability | Affected: Dell / RecoverPoint for Virtual Machines (RP4VMs) | Description: Dell RecoverPoint for Virtual Machines (RP4VMs) contains a use of hard-coded credentials vulnerability that could allow an unauthenticated remote attacker to gain unauthorized access to the underlying operating system and root-level persistence. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.dell.com/support/kbdoc/en-us/000426773/dsa-2026-079 ; https://www.dell.com/support/kbdoc/en-us/000426742/recoverpoint-for-vms-apply-the-remediation-script-for-dsa ; https://cloud.google.com/blog/topics/threat-intelligence/unc6201-exploiting-dell-recoverpoint-zero-day ; https://nvd.nist.gov/vuln/detail/CVE-2026-22769"}, "references": [{"id": "CVE-2026-22769", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-22769"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-798"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "RecoverPoint for Virtual Machines (RP4VMs)", "due_date": "2026-02-21", "date_added": "2026-02-18", "vendorProject": "Dell", "vulnerabilityName": "Dell RecoverPoint for Virtual Machines (RP4VMs) Use of Hard-coded Credentials Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e699c947-968e-42fa-95b0-8553fe0a78a3", "vulnerability": {"vulnId": "CVE-2021-22175", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-18T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "e699c947-968e-42fa-95b0-8553fe0a78a3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-18T00:00:00Z", "recorded_at": "2026-02-19T06:36:58Z", "first_seen_at": "2026-02-18T00:00:00Z"}, "scope": {"notes": "KEV entry: GitLab Server-Side Request Forgery (SSRF) Vulnerability | Affected: GitLab / GitLab | Description: GitLab contains a server-side request forgery (SSRF) vulnerability when requests to the internal network for webhooks are enabled. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-11 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22175.json ; https://nvd.nist.gov/vuln/detail/CVE-2021-22175"}, "references": [{"id": "CVE-2021-22175", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22175"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "GitLab", "due_date": "2026-03-11", "date_added": "2026-02-18", "vendorProject": "GitLab", "vulnerabilityName": "GitLab Server-Side Request Forgery (SSRF) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ade632ed-df92-486f-80de-4e0f0c7880d1", "vulnerability": {"vulnId": "CVE-2026-2441", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-17T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "ade632ed-df92-486f-80de-4e0f0c7880d1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-17T00:00:00Z", "recorded_at": "2026-02-18T06:44:35Z", "first_seen_at": "2026-02-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium CSS Use-After-Free Vulnerability | Affected: Google / Chromium | Description: Google Chromium CSS contains a use-after-free vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2026/02/stable-channel-update-for-desktop_13.html ; https://nvd.nist.gov/vuln/detail/CVE-2026-2441"}, "references": [{"id": "CVE-2026-2441", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-2441"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium", "due_date": "2026-03-10", "date_added": "2026-02-17", "vendorProject": "Google", "vulnerabilityName": "Google Chromium CSS Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3149d83f-5286-4119-826e-a9c509a8c291", "vulnerability": {"vulnId": "CVE-2020-7796", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-17T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "3149d83f-5286-4119-826e-a9c509a8c291", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-17T00:00:00Z", "recorded_at": "2026-02-18T06:44:35Z", "first_seen_at": "2026-02-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability | Affected: Synacor / Zimbra Collaboration Suite | Description: Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery vulnerability if WebEx zimlet installed and zimlet JSP is enabled. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P7 ; https://nvd.nist.gov/vuln/detail/CVE-2020-7796"}, "references": [{"id": "CVE-2020-7796", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-7796"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Zimbra Collaboration Suite", "due_date": "2026-03-10", "date_added": "2026-02-17", "vendorProject": "Synacor", "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e563fed5-feee-43b8-83ce-b7ba88e67793", "vulnerability": {"vulnId": "CVE-2008-0015", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-17T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "e563fed5-feee-43b8-83ce-b7ba88e67793", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-17T00:00:00Z", "recorded_at": "2026-02-18T06:44:35Z", "first_seen_at": "2026-02-17T00:00:00Z"}, "scope": {"notes": "KEV entry:  Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Video ActiveX Control contains a remote code execution vulnerability. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://web.archive.org/web/20110305211119/https://www.microsoft.com/technet/security/bulletin/ms09-032.mspx ; https://nvd.nist.gov/vuln/detail/CVE-2008-0015"}, "references": [{"id": "CVE-2008-0015", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2008-0015"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2026-03-10", "date_added": "2026-02-17", "vendorProject": "Microsoft", "vulnerabilityName": " Microsoft Windows Video ActiveX Control Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6a0b0e6c-34a8-4b25-b376-a7235d8716d5", "vulnerability": {"vulnId": "CVE-2024-7694", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-17T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "6a0b0e6c-34a8-4b25-b376-a7235d8716d5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-17T00:00:00Z", "recorded_at": "2026-02-18T06:44:35Z", "first_seen_at": "2026-02-17T00:00:00Z"}, "scope": {"notes": "KEV entry: TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability | Affected: TeamT5 / ThreatSonar Anti-Ransomware | Description: TeamT5 ThreatSonar Anti-Ransomware contains an unrestricted upload of file with dangerous type vulnerability. ThreatSonar Anti-Ransomware does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system commands on the server. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://teamt5.org/en/posts/vulnerability-notice-threat-sonar-anti-ransomware-20240715/ ; https://www.twcert.org.tw/en/cp-139-8000-e5a5c-2.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-7694"}, "references": [{"id": "CVE-2024-7694", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-7694"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ThreatSonar Anti-Ransomware", "due_date": "2026-03-10", "date_added": "2026-02-17", "vendorProject": "TeamT5", "vulnerabilityName": "TeamT5 ThreatSonar Anti-Ransomware Unrestricted Upload of File with Dangerous Type Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "476a306e-2a29-4830-8026-9169841bf88f", "vulnerability": {"vulnId": "CVE-2026-1731", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-13T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "476a306e-2a29-4830-8026-9169841bf88f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-13T00:00:00Z", "recorded_at": "2026-02-16T17:38:09Z", "first_seen_at": "2026-02-13T00:00:00Z"}, "scope": {"notes": "KEV entry: BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability | Affected: BeyondTrust / Remote Support (RS) and Privileged Remote Access (PRA) | Description: BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) contain an OS command injection vulnerability. Successful exploitation could allow an unauthenticated remote attacker to execute operating system commands in the context of the site user. Successful exploitation requires no authentication or user interaction and may lead to system compromise, including unauthorized access, data exfiltration, and service disruption. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Please adhere to the vendor's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible BeyondTrust products affected by this vulnerability. For more information please see: https://www.beyondtrust.com/trust-center/security-advisories/bt26-02 ; https://nvd.nist.gov/vuln/detail/CVE-2026-1731"}, "references": [{"id": "CVE-2026-1731", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-1731"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Remote Support (RS) and Privileged Remote Access (PRA)", "due_date": "2026-02-16", "date_added": "2026-02-13", "vendorProject": "BeyondTrust", "vulnerabilityName": "BeyondTrust Remote Support (RS) and Privileged Remote Access (PRA) OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4e3b6370-7bc8-4fed-b693-bf22ab520644", "vulnerability": {"vulnId": "CVE-2025-15556", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-12T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "4e3b6370-7bc8-4fed-b693-bf22ab520644", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-12T00:00:00Z", "recorded_at": "2026-02-13T07:17:08Z", "first_seen_at": "2026-02-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Notepad++ Download of Code Without Integrity Check Vulnerability | Affected: Notepad++ / Notepad++ | Description: Notepad++ when using the WinGUp updater, contains a download of code without integrity check vulnerability that could allow an attacker to intercept or redirect update traffic to download and execute an attacker-controlled installer. This could lead to arbitrary code execution with the privileges of the user. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://notepad-plus-plus.org/news/clarification-security-incident/ ; https://community.notepad-plus-plus.org/topic/27298/notepad-v8-8-9-vulnerability-fix ; https://nvd.nist.gov/vuln/detail/CVE-2025-15556"}, "references": [{"id": "CVE-2025-15556", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-15556"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-494"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Notepad++", "due_date": "2026-03-05", "date_added": "2026-02-12", "vendorProject": "Notepad++", "vulnerabilityName": "Notepad++ Download of Code Without Integrity Check Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "68077e92-2c8b-4c98-8710-d42de3281ef7", "vulnerability": {"vulnId": "CVE-2025-40536", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-12T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "68077e92-2c8b-4c98-8710-d42de3281ef7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-12T00:00:00Z", "recorded_at": "2026-02-13T07:17:08Z", "first_seen_at": "2026-02-12T00:00:00Z"}, "scope": {"notes": "KEV entry: SolarWinds Web Help Desk Security Control Bypass Vulnerability | Affected: SolarWinds / Web Help Desk | Description: SolarWinds Web Help Desk contains a security control bypass vulnerability that could allow an unauthenticated attacker to gain access to certain restricted functionality. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://documentation.solarwinds.com/en/success_center/whd/content/release_notes/whd_2026-1_release_notes.htm ; https://www.solarwinds.com/trust-center/security-advisories/CVE-2025-40536 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40536"}, "references": [{"id": "CVE-2025-40536", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-40536"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-693"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Web Help Desk", "due_date": "2026-02-15", "date_added": "2026-02-12", "vendorProject": "SolarWinds", "vulnerabilityName": "SolarWinds Web Help Desk Security Control Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "453a593e-6c26-4c36-81a2-1d550d822df5", "vulnerability": {"vulnId": "CVE-2026-20700", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-12T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "453a593e-6c26-4c36-81a2-1d550d822df5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-12T00:00:00Z", "recorded_at": "2026-02-13T07:17:08Z", "first_seen_at": "2026-02-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Buffer Overflow Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, macOS, tvOS, watchOS, and visionOS contain an improper restriction of operations within the bounds of a memory buffer vulnerability that could allow an attacker with memory write capability to execute arbitrary code. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/126346 ; https://support.apple.com/en-us/126348 ; https://support.apple.com/en-us/126351 ; https://support.apple.com/en-us/126352 ; https://support.apple.com/en-us/126353 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20700"}, "references": [{"id": "CVE-2026-20700", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-20700"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2026-03-05", "date_added": "2026-02-12", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "dd4380ef-ef6f-499f-b4d3-d783d9a30991", "vulnerability": {"vulnId": "CVE-2024-43468", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-12T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "dd4380ef-ef6f-499f-b4d3-d783d9a30991", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-12T00:00:00Z", "recorded_at": "2026-02-13T07:17:08Z", "first_seen_at": "2026-02-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Configuration Manager SQL Injection Vulnerability | Affected: Microsoft / Configuration Manager | Description: Microsoft Configuration Manager contains an SQL injection vulnerability. An unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to the target environment which are processed in an unsafe manner enabling the attacker to execute commands on the server and/or underlying database. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43468 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43468"}, "references": [{"id": "CVE-2024-43468", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-43468"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Configuration Manager", "due_date": "2026-03-05", "date_added": "2026-02-12", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Configuration Manager SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fef467a2-f69a-435a-8901-0b2a8f222634", "vulnerability": {"vulnId": "CVE-2026-21533", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-10T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "fef467a2-f69a-435a-8901-0b2a8f222634", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-10T00:00:00Z", "recorded_at": "2026-02-11T06:19:47Z", "first_seen_at": "2026-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Improper Privilege Management Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Remote Desktop Services contains an improper privilege management vulnerability that could allow an authorized attacker to elevate privileges locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21533 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21533"}, "references": [{"id": "CVE-2026-21533", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-21533"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2026-03-03", "date_added": "2026-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Improper Privilege Management Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4e06bbbb-377e-41da-9408-fe5df1dc658a", "vulnerability": {"vulnId": "CVE-2026-21525", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-10T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "4e06bbbb-377e-41da-9408-fe5df1dc658a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-10T00:00:00Z", "recorded_at": "2026-02-11T06:19:47Z", "first_seen_at": "2026-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows NULL Pointer Dereference Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Remote Access Connection Manager contains a NULL pointer dereference that could allow an unauthorized attacker to deny service locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21525 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21525"}, "references": [{"id": "CVE-2026-21525", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-21525"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-476"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2026-03-03", "date_added": "2026-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows NULL Pointer Dereference Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ee80bea8-8772-48e3-ac25-9db946c084cc", "vulnerability": {"vulnId": "CVE-2026-21510", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-10T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "ee80bea8-8772-48e3-ac25-9db946c084cc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-10T00:00:00Z", "recorded_at": "2026-02-11T06:19:47Z", "first_seen_at": "2026-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Shell Protection Mechanism Failure Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Shell contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network.  | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21510 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21510 "}, "references": [{"id": "CVE-2026-21510", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-21510"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-693"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2026-03-03", "date_added": "2026-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Shell Protection Mechanism Failure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0418119d-ccec-41b3-9783-a6d167ec5f18", "vulnerability": {"vulnId": "CVE-2026-21519", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-10T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "0418119d-ccec-41b3-9783-a6d167ec5f18", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-10T00:00:00Z", "recorded_at": "2026-02-11T06:19:47Z", "first_seen_at": "2026-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Type Confusion Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Desktop Windows Manager contains a type confusion vulnerability that could allow an authorized attacker to elevate privileges locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21519 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21519"}, "references": [{"id": "CVE-2026-21519", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-21519"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2026-03-03", "date_added": "2026-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ce6a01c5-06b3-4a88-879e-291082c9b83a", "vulnerability": {"vulnId": "CVE-2026-21514", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-10T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "ce6a01c5-06b3-4a88-879e-291082c9b83a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-10T00:00:00Z", "recorded_at": "2026-02-11T06:19:47Z", "first_seen_at": "2026-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office Word contains a reliance on untrusted inputs in a security decision vulnerability that could allow an authorized attacker to elevate privileges locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21514 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21514"}, "references": [{"id": "CVE-2026-21514", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-21514"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-807"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2026-03-03", "date_added": "2026-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Word Reliance on Untrusted Inputs in a Security Decision Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8c8230ba-f224-4ce7-bf59-fae3c05a0ef6", "vulnerability": {"vulnId": "CVE-2026-21513", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-10T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "8c8230ba-f224-4ce7-bf59-fae3c05a0ef6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-10T00:00:00Z", "recorded_at": "2026-02-11T06:19:47Z", "first_seen_at": "2026-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability | Affected: Microsoft / Windows | Description: Microsoft MSHTML Framework contains a protection mechanism failure vulnerability that could allow an unauthorized attacker to bypass a security feature over a network. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-03-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2026-21513 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21513"}, "references": [{"id": "CVE-2026-21513", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-21513"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-693"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2026-03-03", "date_added": "2026-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft MSHTML Framework Protection Mechanism Failure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3aef8df1-c735-48b8-8dd7-06a3c5c42164", "vulnerability": {"vulnId": "CVE-2026-24423", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-05T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "3aef8df1-c735-48b8-8dd7-06a3c5c42164", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-05T00:00:00Z", "recorded_at": "2026-02-06T07:18:58Z", "first_seen_at": "2026-02-05T00:00:00Z"}, "scope": {"notes": "KEV entry: SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability | Affected: SmarterTools / SmarterMail | Description: SmarterTools SmarterMail contains a missing authentication for critical function vulnerability in the ConnectToHub API method. This could allow the attacker to point the SmarterMail instance to a malicious HTTP server which serves the malicious OS command and could lead to command execution.  | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. \n| Due date: 2026-02-26 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.smartertools.com/smartermail/release-notes/current ; https://www.cve.org/CVERecord?id=CVE-2026-24423 ; https://nvd.nist.gov/vuln/detail/CVE-2026-24423"}, "references": [{"id": "CVE-2026-24423", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-24423"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SmarterMail", "due_date": "2026-02-26", "date_added": "2026-02-05", "vendorProject": "SmarterTools", "vulnerabilityName": "SmarterTools SmarterMail Missing Authentication for Critical Function Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "672da480-cb2f-47f7-b973-568fb956a41e", "vulnerability": {"vulnId": "CVE-2025-11953", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-05T00:00:00+00:00"}, "gcve": {"gna": 1, "object_uuid": "672da480-cb2f-47f7-b973-568fb956a41e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-05T00:00:00Z", "recorded_at": "2026-02-06T07:18:58Z", "first_seen_at": "2026-02-05T00:00:00Z"}, "scope": {"notes": "KEV entry: React Native Community CLI OS Command Injection Vulnerability | Affected: React Native Community / CLI | Description: React Native Community CLI contains an OS command injection vulnerability which could allow unauthenticated network attackers to send POST requests to the Metro Development Server and run arbitrary executables via a vulnerable endpoint exposed by the server. On Windows, attackers can also execute arbitrary shell commands with fully controlled arguments. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. \nFor more information, please see: ; https://github.com/react-native-community/cli/commit/15089907d1f1301b22c72d7f68846a2ef20df547;https://github.com/react-native-community/cli/pull/2735 ; https://nvd.nist.gov/vuln/detail/CVE-2025-11953"}, "references": [{"id": "CVE-2025-11953", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-11953"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "CLI", "due_date": "2026-02-26", "date_added": "2026-02-05", "vendorProject": "React Native Community", "vulnerabilityName": "React Native Community CLI OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4577b5cf-4984-471a-9b66-88042214d56f", "vulnerability": {"vulnId": "CVE-2025-40551", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4577b5cf-4984-471a-9b66-88042214d56f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-03T00:00:00Z", "recorded_at": "2026-02-04T08:04:01Z", "first_seen_at": "2026-02-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | Affected: SolarWinds / Web Help Desk | Description: SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could lead to remote code execution, which would allow an attacker to run commands on the host machine. This could be exploited without authentication. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.solarwinds.com/trust-center/security-advisories/cve-2025-40551 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40551"}, "references": [{"id": "CVE-2025-40551", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-40551"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Web Help Desk", "due_date": "2026-02-06", "date_added": "2026-02-03", "vendorProject": "SolarWinds", "vulnerabilityName": "SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "423c507d-9757-49b9-835c-9654b715e3f9", "vulnerability": {"vulnId": "CVE-2019-19006", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-03T00:00:00+00:00"}, "gcve": {"object_uuid": "423c507d-9757-49b9-835c-9654b715e3f9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-03T00:00:00Z", "recorded_at": "2026-02-04T08:04:01Z", "first_seen_at": "2026-02-03T00:00:00Z"}, "scope": {"notes": "KEV entry:  Sangoma FreePBX Improper Authentication Vulnerability | Affected: Sangoma / FreePBX | Description: Sangoma FreePBX contains an improper authentication vulnerability that potentially allows unauthorized users to bypass password authentication and access services provided by the FreePBX admin. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://wiki.freepbx.org/display/FOP/2019-11-20%2BRemote%2BAdmin%2BAuthentication%2BBypass ; https://nvd.nist.gov/vuln/detail/CVE-2019-19006"}, "references": [{"id": "CVE-2019-19006", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-19006"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FreePBX", "due_date": "2026-02-24", "date_added": "2026-02-03", "vendorProject": "Sangoma", "vulnerabilityName": " Sangoma FreePBX Improper Authentication Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f03830a2-8211-47ca-adc9-658c834fa5a2", "vulnerability": {"vulnId": "CVE-2025-64328", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f03830a2-8211-47ca-adc9-658c834fa5a2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-03T00:00:00Z", "recorded_at": "2026-02-04T08:04:01Z", "first_seen_at": "2026-02-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Sangoma FreePBX OS Command Injection Vulnerability | Affected: Sangoma / FreePBX  | Description: Sangoma FreePBX Endpoint Manager contains an OS command injection vulnerability that could allow for a post-authentication command injection by an authenticated known user via the testconnection -> check_ssh_connect() function. An attacker can leverage this vulnerability to potentially obtain remote access to the system as an asterisk user.  | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/FreePBX/security-reporting/security/advisories/GHSA-vm9p-46mv-5xvw ; https://nvd.nist.gov/vuln/detail/CVE-2025-64328"}, "references": [{"id": "CVE-2025-64328", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-64328"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FreePBX ", "due_date": "2026-02-24", "date_added": "2026-02-03", "vendorProject": "Sangoma", "vulnerabilityName": "Sangoma FreePBX OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "be91d247-3c62-47b0-94fc-e0ddae52f44c", "vulnerability": {"vulnId": "CVE-2021-39935", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-02-03T00:00:00+00:00"}, "gcve": {"object_uuid": "be91d247-3c62-47b0-94fc-e0ddae52f44c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-02-03T00:00:00Z", "recorded_at": "2026-02-04T08:04:01Z", "first_seen_at": "2026-02-03T00:00:00Z"}, "scope": {"notes": "KEV entry: GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability | Affected: GitLab / Community and Enterprise Editions | Description: GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized external users to perform Server Side Requests via the CI Lint API.  | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://about.gitlab.com/releases/2021/12/06/security-release-gitlab-14-5-2-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2021-39935"}, "references": [{"id": "CVE-2021-39935", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-39935"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Community and Enterprise Editions", "due_date": "2026-02-24", "date_added": "2026-02-03", "vendorProject": "GitLab", "vulnerabilityName": "GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4b63a601-63fc-46c4-9e88-2a353a34c8f6", "vulnerability": {"vulnId": "CVE-2026-1281", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-29T00:00:00+00:00"}, "gcve": {"object_uuid": "4b63a601-63fc-46c4-9e88-2a353a34c8f6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2026-01-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | Affected: Ivanti / Endpoint Manager Mobile (EPMM) | Description: Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability that could allow attackers to achieve unauthenticated remote code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Please adhere to Ivanti's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Ivanti products affected by this vulnerability. Apply any final mitigations provided by the vendor as soon as possible. \nFor more information please see: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM-CVE-2026-1281-CVE-2026-1340 ; https://support.mobileiron.com/mi/vsp/AB1771634/ivanti-security-update-1761642-1.0.0S-5.noarch.rpm ; https://support.mobileiron.com/mi/vsp/AB1771634/ivanti-security-update-1761642-1.0.0L-5.noarch.rpm ; https://nvd.nist.gov/vuln/detail/CVE-2026-1281"}, "references": [{"id": "CVE-2026-1281", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-1281"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Endpoint Manager Mobile (EPMM)", "due_date": "2026-02-01", "date_added": "2026-01-29", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e1546c5c-ee29-412d-8453-540ce5e9e017", "vulnerability": {"vulnId": "CVE-2026-24858", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-27T00:00:00+00:00"}, "gcve": {"object_uuid": "e1546c5c-ee29-412d-8453-540ce5e9e017", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-27T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2026-01-27T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability | Affected: Fortinet / Multiple Products | Description: Fortinet FortiAnalyzer, FortiManager, FortiOS, and FortiProxy contain an authentication bypass using an alternate path or channel that could allow an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts, if FortiCloud SSO authentication is enabled on those devices. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-01-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Please adhere to Fortinet's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Fortinet products affected by this vulnerability. Apply any final mitigations provided by the vendor as soon as they become available. \nFor more information please see: https://fortiguard.fortinet.com/psirt/FG-IR-26-060 ; https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios ; https://nvd.nist.gov/vuln/detail/CVE-2026-24858"}, "references": [{"id": "CVE-2026-24858", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-24858"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2026-01-30", "date_added": "2026-01-27", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet Multiple Products Authentication Bypass Using an Alternate Path or Channel Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "52c8dde3-45b0-49f7-83db-af0b2a78a2e5", "vulnerability": {"vulnId": "CVE-2018-14634", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-26T00:00:00+00:00"}, "gcve": {"object_uuid": "52c8dde3-45b0-49f7-83db-af0b2a78a2e5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-26T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2026-01-26T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Integer Overflow Vulnerability | Affected: Linux / Kernal | Description: Linux Kernel contains an integer overflow vulnerability in the create_elf_tables() function which could allow an unprivileged local user with access to SUID (or otherwise privileged) binary to escalate their privileges on the system. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. \nFor more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/about/ ; https://www.kernel.org/ ; https://www.cve.org/CVERecord?id=CVE-2018-14634; https://access.redhat.com/errata/RHSA-2018:3540 ; https://nvd.nist.gov/vuln/detail/CVE-2018-14634"}, "references": [{"id": "CVE-2018-14634", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-14634"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-190"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernal", "due_date": "2026-02-16", "date_added": "2026-01-26", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Integer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f7b20c53-4e73-4ca8-8db3-73c6fc7648c1", "vulnerability": {"vulnId": "CVE-2026-21509", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-26T00:00:00+00:00"}, "gcve": {"object_uuid": "f7b20c53-4e73-4ca8-8db3-73c6fc7648c1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-26T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2026-01-26T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Security Feature Bypass Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally. Some of the impacted product(s) could be end-of-life (EoL) and/or end-of-service (EoS). Users are advised to discontinue use and/or transition to a supported version. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Please adhere to Microsoft\u2019s recommended guidelines to address this vulnerability. Implement all final mitigations provided by the vendor for Office 2021, and apply the interim corresponding mitigations for Office 2016 and Office 2019 until the final patch becomes available. \nFor more information please see: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-21509 ; https://nvd.nist.gov/vuln/detail/CVE-2026-21509"}, "references": [{"id": "CVE-2026-21509", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-21509"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-807"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2026-02-16", "date_added": "2026-01-26", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "adddff13-de5b-496a-88b9-93bf52749bb3", "vulnerability": {"vulnId": "CVE-2026-23760", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-26T00:00:00+00:00"}, "gcve": {"object_uuid": "adddff13-de5b-496a-88b9-93bf52749bb3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-26T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2026-01-26T00:00:00Z"}, "scope": {"notes": "KEV entry: SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability | Affected: SmarterTools / SmarterMail | Description: SmarterTools SmarterMail contains an authentication bypass using an alternate path or channel vulnerability in the password reset API. The force-reset-password endpoint permits anonymous requests and fails to verify the existing password or a reset token when resetting system administrator accounts. This could allow an unauthenticated attacker to supply a target administrator username and a new password to reset the account, resulting in full administrative compromise of the SmarterMail instance. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. \n| Due date: 2026-02-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.smartertools.com/smartermail/release-notes/current ; https://nvd.nist.gov/vuln/detail/CVE-2026-23760"}, "references": [{"id": "CVE-2026-23760", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-23760"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SmarterMail", "due_date": "2026-02-16", "date_added": "2026-01-26", "vendorProject": "SmarterTools", "vulnerabilityName": "SmarterTools SmarterMail Authentication Bypass Using an Alternate Path or Channel Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3221039f-1dd3-4ead-8cdc-05c66be0ce37", "vulnerability": {"vulnId": "CVE-2025-52691", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-26T00:00:00+00:00"}, "gcve": {"object_uuid": "3221039f-1dd3-4ead-8cdc-05c66be0ce37", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-26T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2026-01-26T00:00:00Z"}, "scope": {"notes": "KEV entry: SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability | Affected: SmarterTools / SmarterMail | Description: SmarterTools SmarterMail contains an unrestricted upload of file with dangerous type vulnerability that could allow an unauthenticated attacker to upload arbitrary files to any location on the mail server, potentially enabling remote code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.smartertools.com/smartermail/release-notes/current ; https://www.csa.gov.sg/alerts-and-advisories/alerts/al-2025-124/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-52691"}, "references": [{"id": "CVE-2025-52691", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-52691"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SmarterMail", "due_date": "2026-02-16", "date_added": "2026-01-26", "vendorProject": "SmarterTools", "vulnerabilityName": "SmarterTools SmarterMail Unrestricted Upload of File with Dangerous Type Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e93f2758-b37b-4a65-83f5-a42bab2a9c86", "vulnerability": {"vulnId": "CVE-2026-24061", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-26T00:00:00+00:00"}, "gcve": {"object_uuid": "e93f2758-b37b-4a65-83f5-a42bab2a9c86", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-26T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2026-01-26T00:00:00Z"}, "scope": {"notes": "KEV entry: GNU InetUtils Argument Injection Vulnerability | Affected: GNU / InetUtils | Description: GNU InetUtils contains an argument injection vulnerability in telnetd that could allow for remote authentication bypass via a \"-f root\" value for the USER environment variable. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. \nFor more information, please see: https://cgit.git.savannah.gnu.org/cgit/inetutils.git ; https://codeberg.org/inetutils/inetutils/commit/ccba9f748aa8d50a38d7748e2e60362edd6a32cc; https://codeberg.org/inetutils/inetutils/commit/fd702c02497b2f398e739e3119bed0b23dd7aa7b ; https://nvd.nist.gov/vuln/detail/CVE-2026-24061"}, "references": [{"id": "CVE-2026-24061", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-24061"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-88"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "InetUtils", "due_date": "2026-02-16", "date_added": "2026-01-26", "vendorProject": "GNU", "vulnerabilityName": "GNU InetUtils Argument Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5cbefa20-48a2-4797-8c11-9803a3a7b937", "vulnerability": {"vulnId": "CVE-2024-37079", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "5cbefa20-48a2-4797-8c11-9803a3a7b937", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2026-01-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability | Affected: Broadcom / VMware vCenter Server | Description: Broadcom VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. This could allow a malicious actor with network access to vCenter Server to send specially crafted network packets, potentially leading to remote code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453 ; https://nvd.nist.gov/vuln/detail/CVE-2024-37079"}, "references": [{"id": "CVE-2024-37079", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-37079"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "VMware vCenter Server", "due_date": "2026-02-13", "date_added": "2026-01-23", "vendorProject": "Broadcom", "vulnerabilityName": "Broadcom VMware vCenter Server Out-of-bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9643bcaf-0fcc-4f7f-b35c-3e4af59d69f0", "vulnerability": {"vulnId": "CVE-2025-34026", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-22T00:00:00+00:00"}, "gcve": {"object_uuid": "9643bcaf-0fcc-4f7f-b35c-3e4af59d69f0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2026-01-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Versa Concerto Improper Authentication Vulnerability | Affected: Versa / Concerto | Description: Versa Concerto SD-WAN orchestration platform contains an improper authentication vulnerability in the Traefik reverse proxy configuration, allowing an attacker to access administrative endpoints. The internal Actuator endpoint can be leveraged for access to heap dumps and trace logs. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security-portal.versa-networks.com/emailbulletins/6830f94328defa375486ff2e ; https://nvd.nist.gov/vuln/detail/CVE-2025-34026"}, "references": [{"id": "CVE-2025-34026", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-34026"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Concerto", "due_date": "2026-02-12", "date_added": "2026-01-22", "vendorProject": "Versa", "vulnerabilityName": "Versa Concerto Improper Authentication Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "76b72db4-4d4f-4703-8cbb-155d34ad7cd5", "vulnerability": {"vulnId": "CVE-2025-54313", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-22T00:00:00+00:00"}, "gcve": {"object_uuid": "76b72db4-4d4f-4703-8cbb-155d34ad7cd5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2026-01-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Prettier eslint-config-prettier Embedded Malicious Code Vulnerability | Affected: Prettier / eslint-config-prettier | Description: Prettier eslint-config-prettier contains an embedded malicious code vulnerability. Installing an affected package executes an install.js file that launches the node-gyp.dll malware on Windows. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. \nFor more information, please see: https://www.npmjs.com/package/eslint-config-prettier?activeTab=versions ; https://github.com/prettier/eslint-config-prettier/issues/339#issuecomment-3090304490 ; https://nvd.nist.gov/vuln/detail/CVE-2025-54313"}, "references": [{"id": "CVE-2025-54313", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-54313"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-506"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "eslint-config-prettier", "due_date": "2026-02-12", "date_added": "2026-01-22", "vendorProject": "Prettier", "vulnerabilityName": "Prettier eslint-config-prettier Embedded Malicious Code Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "06424b89-db33-4bd7-899f-8ddeaada507a", "vulnerability": {"vulnId": "CVE-2025-68645", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-22T00:00:00+00:00"}, "gcve": {"object_uuid": "06424b89-db33-4bd7-899f-8ddeaada507a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2026-01-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability | Affected: Synacor /  Zimbra Collaboration Suite (ZCS) | Description: Synacor Zimbra Collaboration Suite (ZCS) contains a PHP remote file inclusion vulnerability that could allow for remote attackers to craft requests to the /h/rest endpoint to influence internal request dispatching, allowing inclusion of arbitrary files from the WebRoot directory. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://wiki.zimbra.com/wiki/Security_Center ; https://nvd.nist.gov/vuln/detail/CVE-2025-68645"}, "references": [{"id": "CVE-2025-68645", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-68645"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-98"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": " Zimbra Collaboration Suite (ZCS)", "due_date": "2026-02-12", "date_added": "2026-01-22", "vendorProject": "Synacor", "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) PHP Remote File Inclusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "16535a89-ee97-4fa7-bdc3-30446bdf1d84", "vulnerability": {"vulnId": "CVE-2025-31125", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-22T00:00:00+00:00"}, "gcve": {"object_uuid": "16535a89-ee97-4fa7-bdc3-30446bdf1d84", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2026-01-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Vite Vitejs Improper Access Control Vulnerability | Affected: Vite / Vitejs | Description: Vite Vitejs contains an improper access control vulnerability that exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. 
For more information, please see: https://github.com/vitejs/vite/commit/59673137c45ac2bcfad1170d954347c1a17ab949 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31125"}, "references": [{"id": "CVE-2025-31125", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-31125"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200", "CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Vitejs", "due_date": "2026-02-12", "date_added": "2026-01-22", "vendorProject": "Vite", "vulnerabilityName": "Vite Vitejs Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c7c87a28-85a9-4273-b492-3ad8f3a49af3", "vulnerability": {"vulnId": "CVE-2026-20045", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-21T00:00:00+00:00"}, "gcve": {"object_uuid": "c7c87a28-85a9-4273-b492-3ad8f3a49af3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2026-01-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Unified Communications Products Code Injection Vulnerability | Affected: Cisco / Unified Communications Manager | Description: Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex Calling Dedicated Instance contain a code injection vulnerability that could allow the attacker to obtain user-level access to the underlying operating system and then elevate privileges to root. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. 
| Due date: 2026-02-11 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-voice-rce-mORhqY4b ; https://nvd.nist.gov/vuln/detail/CVE-2026-20045"}, "references": [{"id": "CVE-2026-20045", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-20045"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Unified Communications Manager", "due_date": "2026-02-11", "date_added": "2026-01-21", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Unified Communications Products Code Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e3ab54db-4e6a-4bdd-831a-e3622881d712", "vulnerability": {"vulnId": "CVE-2026-20805", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-13T00:00:00+00:00"}, "gcve": {"object_uuid": "e3ab54db-4e6a-4bdd-831a-e3622881d712", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2026-01-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Information Disclosure Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Desktop Windows Manager contains an information disclosure vulnerability that allows an authorized attacker to disclose information locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2026-20805 ; https://nvd.nist.gov/vuln/detail/CVE-2026-20805"}, "references": [{"id": "CVE-2026-20805", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2026-20805"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2026-02-03", "date_added": "2026-01-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bb56ddc9-537f-49f3-a423-90bdb1f54121", "vulnerability": {"vulnId": "CVE-2025-8110", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-12T00:00:00+00:00"}, "gcve": {"object_uuid": "bb56ddc9-537f-49f3-a423-90bdb1f54121", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2026-01-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Gogs Path Traversal Vulnerability | Affected: Gogs / Gogs | Description: Gogs contains a path traversal vulnerability affecting improper Symbolic link handling in the PutContents API that could allow for code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-02-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/gogs/gogs/commit/553707f3fd5f68f47f531cfcff56aa3ec294c6f6 ; https://nvd.nist.gov/vuln/detail/CVE-2025-8110"}, "references": [{"id": "CVE-2025-8110", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-8110"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Gogs", "due_date": "2026-02-02", "date_added": "2026-01-12", "vendorProject": "Gogs", "vulnerabilityName": "Gogs Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b1f9ef7b-1037-40d8-aae1-ea6b0c3ed483", "vulnerability": {"vulnId": "CVE-2025-37164", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-07T00:00:00+00:00"}, "gcve": {"object_uuid": "b1f9ef7b-1037-40d8-aae1-ea6b0c3ed483", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2026-01-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability | Affected: Hewlett Packard Enterprise (HPE) / OneView | Description: Hewlett Packard Enterprise (HPE) OneView contains a code injection vulnerability that allows a remote unauthenticated user to perform remote code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-01-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04985en_us&docLocale=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2025-37164"}, "references": [{"id": "CVE-2025-37164", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-37164"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "OneView", "due_date": "2026-01-28", "date_added": "2026-01-07", "vendorProject": "Hewlett Packard Enterprise (HPE)", "vulnerabilityName": "Hewlett Packard Enterprise (HPE) OneView Code Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b3466e6b-fb19-4ca7-b26c-4e27c84a34f9", "vulnerability": {"vulnId": "CVE-2009-0556", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2026-01-07T00:00:00+00:00"}, "gcve": {"object_uuid": "b3466e6b-fb19-4ca7-b26c-4e27c84a34f9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2026-01-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2026-01-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office PowerPoint Code Injection Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office PowerPoint contains a code injection vulnerability that allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-01-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://learn.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-017 ; https://nvd.nist.gov/vuln/detail/CVE-2009-0556"}, "references": [{"id": "CVE-2009-0556", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2009-0556"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2026-01-28", "date_added": "2026-01-07", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office PowerPoint Code Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9cf8053e-b35b-43f6-a8a7-07455652753d", "vulnerability": {"vulnId": "CVE-2025-14847", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-29T00:00:00+00:00"}, "gcve": {"object_uuid": "9cf8053e-b35b-43f6-a8a7-07455652753d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-29T00:00:00Z"}, "scope": {"notes": "KEV entry: MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability | Affected: MongoDB / MongoDB and MongoDB Server | Description: MongoDB Server contains an improper handling of length parameter inconsistency vulnerability in Zlib compressed protocol headers. This vulnerability may allow a read of uninitialized heap memory by an unauthenticated client. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-01-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. 
For more information, please see: https://jira.mongodb.org/browse/SERVER-115508 ; https://nvd.nist.gov/vuln/detail/CVE-2025-14847"}, "references": [{"id": "CVE-2025-14847", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-14847"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-130"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "MongoDB and MongoDB Server", "due_date": "2026-01-19", "date_added": "2025-12-29", "vendorProject": "MongoDB", "vulnerabilityName": "MongoDB and MongoDB Server Improper Handling of Length Parameter Inconsistency Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "acf16974-57f2-457c-a1bf-d8c80ad20323", "vulnerability": {"vulnId": "CVE-2023-52163", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-22T00:00:00+00:00"}, "gcve": {"object_uuid": "acf16974-57f2-457c-a1bf-d8c80ad20323", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Digiever DS-2105 Pro Missing Authorization Vulnerability | Affected: Digiever / DS-2105 Pro | Description: Digiever DS-2105 Pro contains a missing authorization vulnerability which could allow for command injection via time_tzsetup.cgi. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-01-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.digiever.com/tw/support/faq-content.php?FAQ=217 ; https://nvd.nist.gov/vuln/detail/CVE-2023-52163"}, "references": [{"id": "CVE-2023-52163", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-52163"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-862"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DS-2105 Pro", "due_date": "2026-01-12", "date_added": "2025-12-22", "vendorProject": "Digiever", "vulnerabilityName": "Digiever DS-2105 Pro Missing Authorization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "70374d4d-1d1e-49da-ab57-40bfdd512fcb", "vulnerability": {"vulnId": "CVE-2025-14733", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-19T00:00:00+00:00"}, "gcve": {"object_uuid": "70374d4d-1d1e-49da-ab57-40bfdd512fcb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-19T00:00:00Z"}, "scope": {"notes": "KEV entry: WatchGuard Firebox Out of Bounds Write Vulnerability | Affected: WatchGuard / Firebox | Description: WatchGuard Fireware OS iked process contains an out of bounds write vulnerability in the OS iked process. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code and affects both the mobile user VPN with IKEv2 and the branch office VPN using IKEv2 when configured with a dynamic gateway peer. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Check for signs of potential compromise on all internet accessible instances after applying mitigations. 
For more information please see: https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00027 ; https://nvd.nist.gov/vuln/detail/CVE-2025-14733"}, "references": [{"id": "CVE-2025-14733", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-14733"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firebox", "due_date": "2025-12-26", "date_added": "2025-12-19", "vendorProject": "WatchGuard", "vulnerabilityName": "WatchGuard Firebox Out of Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "28258185-2d4d-4828-8156-30e098fa8118", "vulnerability": {"vulnId": "CVE-2025-40602", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-17T00:00:00+00:00"}, "gcve": {"object_uuid": "28258185-2d4d-4828-8156-30e098fa8118", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-17T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall SMA1000 Missing Authorization Vulnerability | Affected: SonicWall / SMA1000 appliance | Description: SonicWall SMA1000 contains a missing authorization vulnerability that could allow for privilege escalation in the appliance management console (AMC) of affected devices. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable | Due date: 2025-12-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Check for signs of potential compromise on all internet accessible SonicWall SMA1000 instances after applying mitigations. For more information please see: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0019 ; https://nvd.nist.gov/vuln/detail/CVE-2025-40602"}, "references": [{"id": "CVE-2025-40602", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-40602"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-862", "CWE-250"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SMA1000 appliance", "due_date": "2025-12-24", "date_added": "2025-12-17", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall SMA1000 Missing Authorization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b7d02c20-138f-45e3-92e6-5626f37c19f7", "vulnerability": {"vulnId": "CVE-2025-20393", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-17T00:00:00+00:00"}, "gcve": {"object_uuid": "b7d02c20-138f-45e3-92e6-5626f37c19f7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Multiple Products Improper Input Validation Vulnerability | Affected: Cisco / Multiple Products | Description: Cisco Secure Email Gateway, Secure Email, AsyncOS Software, and Web Manager appliances contain an improper input validation vulnerability that allows threat actors to execute arbitrary commands with root privileges on the underlying operating system of an affected appliance. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Please adhere to Cisco's guidelines to assess exposure and mitigate risks. Check for signs of potential compromise on all internet accessible Cisco products affected by this vulnerability. Apply any final mitigations provided by the vendor as soon as they become available. 
For more information please see: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-attack-N9bf4 ; https://nvd.nist.gov/vuln/detail/CVE-2025-20393"}, "references": [{"id": "CVE-2025-20393", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-20393"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2025-12-24", "date_added": "2025-12-17", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Multiple Products Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "de1c4341-0d40-4dd7-abc1-e4e4177a7c4d", "vulnerability": {"vulnId": "CVE-2025-59374", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-17T00:00:00+00:00"}, "gcve": {"object_uuid": "de1c4341-0d40-4dd7-abc1-e4e4177a7c4d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-17T00:00:00Z"}, "scope": {"notes": "KEV entry: ASUS Live Update Embedded Malicious Code Vulnerability | Affected: ASUS / Live Update | Description: ASUS Live Update contains an embedded malicious code vulnerability: clients were distributed with unauthorized modifications introduced through a supply chain compromise. The modified builds could cause devices meeting specific targeting conditions to perform unintended actions. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-01-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.asus.com/support/faq/1018727/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-59374"}, "references": [{"id": "CVE-2025-59374", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-59374"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-506"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Live Update", "due_date": "2026-01-07", "date_added": "2025-12-17", "vendorProject": "ASUS", "vulnerabilityName": "ASUS Live Update Embedded Malicious Code Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "089be81d-6c52-48cf-9ab3-72e163a65588", "vulnerability": {"vulnId": "CVE-2025-59718", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-16T00:00:00+00:00"}, "gcve": {"object_uuid": "089be81d-6c52-48cf-9ab3-72e163a65588", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-16T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability | Affected: Fortinet / Multiple Products | Description: Fortinet FortiOS, FortiSwitchMaster, FortiProxy, and FortiWeb contain an improper verification of cryptographic signature vulnerability that may allow an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML message. Please be aware that CVE-2025-59719 pertains to the same problem and is mentioned in the same vendor advisory. Ensure to apply all patches mentioned in the advisory. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. 
| Due date: 2025-12-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://fortiguard.fortinet.com/psirt/FG-IR-25-647 ; https://docs.fortinet.com/upgrade-tool/fortigate ; https://nvd.nist.gov/vuln/detail/CVE-2025-59718"}, "references": [{"id": "CVE-2025-59718", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-59718"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-347"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2025-12-23", "date_added": "2025-12-16", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet Multiple Products Improper Verification of Cryptographic Signature Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8e6e8ce9-4749-434a-b6b9-8e330185c090", "vulnerability": {"vulnId": "CVE-2025-14611", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-15T00:00:00+00:00"}, "gcve": {"object_uuid": "8e6e8ce9-4749-434a-b6b9-8e330185c090", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability | Affected: Gladinet / CentreStack and Triofox | Description: Gladinet CentreStack and TrioFox contain a hardcoded cryptographic keys vulnerability for their implementation of the AES cryptoscheme. This vulnerability degrades security for publicly exposed endpoints that may make use of it and may offer arbitrary local file inclusion when provided a specially crafted request without authentication. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. 
| Due date: 2026-01-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.centrestack.com/p/gce_latest_release.html ; https://access.triofox.com/releases_history/; https://support.centrestack.com/hc/en-us/articles/360007159054-Hardening-the-CentreStack-Cluster#h_01JQRV57T37HJFQZKBZH9NBXQP ; https://nvd.nist.gov/vuln/detail/CVE-2025-14611"}, "references": [{"id": "CVE-2025-14611", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-14611"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-798"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "CentreStack and Triofox", "due_date": "2026-01-05", "date_added": "2025-12-15", "vendorProject": "Gladinet", "vulnerabilityName": "Gladinet CentreStack and Triofox Hard Coded Cryptographic Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "33ca5769-0a07-497a-a3a3-2d09143e9fd2", "vulnerability": {"vulnId": "CVE-2025-43529", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-15T00:00:00+00:00"}, "gcve": {"object_uuid": "33ca5769-0a07-497a-a3a3-2d09143e9fd2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Use-After-Free WebKit Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and other Apple products contain a use-after-free vulnerability in WebKit. Processing maliciously crafted web content may lead to memory corruption. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. 
| Due date: 2026-01-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/125884 ; https://support.apple.com/en-us/125892 ; https://support.apple.com/en-us/125885 ; https://support.apple.com/en-us/125886 ; https://support.apple.com/en-us/125889 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43529"}, "references": [{"id": "CVE-2025-43529", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-43529"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2026-01-05", "date_added": "2025-12-15", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Use-After-Free WebKit Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6ee4dcf4-f700-4352-aef0-d26a831842d4", "vulnerability": {"vulnId": "CVE-2025-14174", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-12T00:00:00+00:00"}, "gcve": {"object_uuid": "6ee4dcf4-f700-4352-aef0-d26a831842d4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium Out of Bounds Memory Access Vulnerability | Affected: Google / Chromium | Description: Google Chromium contains an out of bounds memory access vulnerability in ANGLE that could allow a remote attacker to perform out of bounds memory access via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-01-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2025/12/stable-channel-update-for-desktop_10.html ; https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security ; https://nvd.nist.gov/vuln/detail/CVE-2025-14174"}, "references": [{"id": "CVE-2025-14174", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-14174"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium", "due_date": "2026-01-02", "date_added": "2025-12-12", "vendorProject": "Google", "vulnerabilityName": "Google Chromium Out of Bounds Memory Access Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2affdb08-a301-48b9-82e2-8c0aef52a73b", "vulnerability": {"vulnId": "CVE-2018-4063", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-12T00:00:00+00:00"}, "gcve": {"object_uuid": "2affdb08-a301-48b9-82e2-8c0aef52a73b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability | Affected: Sierra Wireless / AirLink ALEOS | Description: Sierra Wireless AirLink ALEOS contains an unrestricted upload of file with dangerous type vulnerability. A specially crafted HTTP request can upload a file, resulting in executable code being uploaded, and routable, to the webserver. An attacker can make an authenticated HTTP request to trigger this vulnerability. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-01-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.cisa.gov/news-events/ics-advisories/icsa-19-122-03 ; https://source.sierrawireless.com/resources/airlink/software_reference_docs/technical-bulletin/sierra-wireless-technical-bulletin---swi-psa-2019-003 ; https://source.sierrawireless.com/resources/airlink/hardware_reference_docs/airlink_es450_eol ; https://nvd.nist.gov/vuln/detail/CVE-2018-4063"}, "references": [{"id": "CVE-2018-4063", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-4063"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "AirLink ALEOS", "due_date": "2026-01-02", "date_added": "2025-12-12", "vendorProject": "Sierra Wireless", "vulnerabilityName": "Sierra Wireless AirLink ALEOS Unrestricted Upload of File with Dangerous Type Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "901d3b42-7081-48fa-ae64-bf9f22042429", "vulnerability": {"vulnId": "CVE-2025-58360", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-11T00:00:00+00:00"}, "gcve": {"object_uuid": "901d3b42-7081-48fa-ae64-bf9f22042429", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-11T00:00:00Z"}, "scope": {"notes": "KEV entry: OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability | Affected: OSGeo / GeoServer | Description: OSGeo GeoServer contains an improper restriction of XML external entity reference vulnerability that occurs when the application accepts XML input through a specific endpoint /geoserver/wms operation GetMap and could allow an attacker to define external entities within the XML request. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2026-01-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects an open-source component, third-party library, or a protocol used by different products. For more information, please see: https://github.com/geoserver/geoserver/security/advisories/GHSA-fjf5-xgmq-5525 ; https://osgeo-org.atlassian.net/browse/GEOS-11922 ; https://nvd.nist.gov/vuln/detail/CVE-2025-58360"}, "references": [{"id": "CVE-2025-58360", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-58360"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-611"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "GeoServer", "due_date": "2026-01-01", "date_added": "2025-12-11", "vendorProject": "OSGeo", "vulnerabilityName": "OSGeo GeoServer Improper Restriction of XML External Entity Reference Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "80109660-17bc-443f-bbba-5ac38d65b437", "vulnerability": {"vulnId": "CVE-2025-62221", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-09T00:00:00+00:00"}, "gcve": {"object_uuid": "80109660-17bc-443f-bbba-5ac38d65b437", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Use After Free Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Cloud Files Mini Filter Driver contains a use after free vulnerability that can allow an authorized attacker to elevate privileges locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62221 ; https://nvd.nist.gov/vuln/detail/CVE-2025-62221"}, "references": [{"id": "CVE-2025-62221", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-62221"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-12-30", "date_added": "2025-12-09", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Use After Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e49f176c-d205-40f8-ae79-eea17df0496e", "vulnerability": {"vulnId": "CVE-2025-6218", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-09T00:00:00+00:00"}, "gcve": {"object_uuid": "e49f176c-d205-40f8-ae79-eea17df0496e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-09T00:00:00Z"}, "scope": {"notes": "KEV entry: RARLAB WinRAR Path Traversal Vulnerability | Affected: RARLAB / WinRAR | Description: RARLAB WinRAR contains a path traversal vulnerability allowing an attacker to execute code in the context of the current user. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=276&cHash=b5165454d983fc9717bc8748901a64f9 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6218"}, "references": [{"id": "CVE-2025-6218", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-6218"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WinRAR", "due_date": "2025-12-30", "date_added": "2025-12-09", "vendorProject": "RARLAB", "vulnerabilityName": "RARLAB WinRAR Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6a14ca05-6976-4bfd-a46c-17b6f6cf93c0", "vulnerability": {"vulnId": "CVE-2022-37055", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-08T00:00:00+00:00"}, "gcve": {"object_uuid": "6a14ca05-6976-4bfd-a46c-17b6f6cf93c0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-08T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link Routers Buffer Overflow Vulnerability | Affected: D-Link / Routers | Description: D-Link Routers contains a buffer overflow vulnerability that has a high impact on confidentiality, integrity, and availability. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10308 ; https://nvd.nist.gov/vuln/detail/CVE-2022-37055"}, "references": [{"id": "CVE-2022-37055", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-37055"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-120"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Routers", "due_date": "2025-12-29", "date_added": "2025-12-08", "vendorProject": "D-Link", "vulnerabilityName": "D-Link Routers Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8c7d6cfd-1f7e-4dcf-a23f-93734ced20a0", "vulnerability": {"vulnId": "CVE-2025-66644", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-08T00:00:00+00:00"}, "gcve": {"object_uuid": "8c7d6cfd-1f7e-4dcf-a23f-93734ced20a0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Array Networks ArrayOS AG OS Command Injection Vulnerability | Affected: Array Networks  / ArrayOS AG | Description: Array Networks ArrayOS AG contains an OS command injection vulnerability that could allow an attacker to execute arbitrary commands. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/ag.html ; https://www.jpcert.or.jp/at/2025/at250024.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-66644"}, "references": [{"id": "CVE-2025-66644", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-66644"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ArrayOS AG", "due_date": "2025-12-29", "date_added": "2025-12-08", "vendorProject": "Array Networks ", "vulnerabilityName": "Array Networks ArrayOS AG OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f2499bae-8284-4870-958d-78827499a50b", "vulnerability": {"vulnId": "CVE-2025-55182", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "f2499bae-8284-4870-958d-78827499a50b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Meta React Server Components Remote Code Execution Vulnerability | Affected: Meta / React Server Components | Description: Meta React Server Components contains a remote code execution vulnerability that could allow unauthenticated remote code execution by exploiting a flaw in how React decodes payloads sent to React Server Function endpoints. Please note CVE-2025-66478 has been rejected, but it is associated with CVE-2025-55182. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-12 | Known ransomware campaign use (KEV): Known | Notes (KEV): Check for signs of potential compromise on all internet accessible REACT instances after applying mitigations. For more information, please see: https://react.dev/blog/2025/12/03/critical-security-vulnerability-in-react-server-components ; https://github.com/vercel-labs/fix-react2shell-next?tab=readme-ov-file ; https://nvd.nist.gov/vuln/detail/CVE-2025-55182"}, "references": [{"id": "CVE-2025-55182", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-55182"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "React Server Components", "due_date": "2025-12-12", "date_added": "2025-12-05", "vendorProject": "Meta", "vulnerabilityName": "Meta React Server Components Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "fc5b0752-b988-428c-8274-6bf35ca27519", "vulnerability": {"vulnId": "CVE-2021-26828", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fc5b0752-b988-428c-8274-6bf35ca27519", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-03T00:00:00Z"}, "scope": {"notes": "KEV entry: OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability | Affected: OpenPLC / ScadaBR | Description: OpenPLC ScadaBR contains an unrestricted upload of file with dangerous type vulnerability that allows remote authenticated users to upload and execute arbitrary JSP files via view_edit.shtm. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/SCADA-LTS/Scada-LTS/pull/2174 ; https://nvd.nist.gov/vuln/detail/CVE-2021-26828"}, "references": [{"id": "CVE-2021-26828", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-26828"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ScadaBR", "due_date": "2025-12-24", "date_added": "2025-12-03", "vendorProject": "OpenPLC", "vulnerabilityName": "OpenPLC ScadaBR Unrestricted Upload of File with Dangerous Type Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7f96d8fd-1fed-483d-8cc0-0e0d585cc421", "vulnerability": {"vulnId": "CVE-2025-48633", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-02T00:00:00+00:00"}, "gcve": {"object_uuid": "7f96d8fd-1fed-483d-8cc0-0e0d585cc421", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Android Framework Information Disclosure Vulnerability | Affected: Android / Framework | Description: Android Framework contains an unspecified vulnerability that allows for information disclosure. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://source.android.com/docs/security/bulletin/2025-12-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48633"}, "references": [{"id": "CVE-2025-48633", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-48633"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Framework", "due_date": "2025-12-23", "date_added": "2025-12-02", "vendorProject": "Android", "vulnerabilityName": "Android Framework Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "434bcbc3-8004-4518-993c-c293a2b4d6e3", "vulnerability": {"vulnId": "CVE-2025-48572", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-12-02T00:00:00+00:00"}, "gcve": {"object_uuid": "434bcbc3-8004-4518-993c-c293a2b4d6e3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-12-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-12-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Android Framework Privilege Escalation Vulnerability | Affected: Android / Framework | Description: Android Framework contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://source.android.com/docs/security/bulletin/2025-12-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48572"}, "references": [{"id": "CVE-2025-48572", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-48572"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Framework", "due_date": "2025-12-23", "date_added": "2025-12-02", "vendorProject": "Android", "vulnerabilityName": "Android Framework Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "939f18ee-a33b-4388-83dc-76f48b8fce44", "vulnerability": {"vulnId": "CVE-2021-26829", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-28T00:00:00+00:00"}, "gcve": {"object_uuid": "939f18ee-a33b-4388-83dc-76f48b8fce44", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-11-28T00:00:00Z"}, "scope": {"notes": "KEV entry: OpenPLC ScadaBR Cross-site Scripting Vulnerability | Affected: OpenPLC / ScadaBR | Description: OpenPLC ScadaBR contains a cross-site scripting vulnerability via system_settings.shtm. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://github.com/SCADA-LTS/Scada-LTS/pull/3211 ; https://nvd.nist.gov/vuln/detail/CVE-2021-26829"}, "references": [{"id": "CVE-2021-26829", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-26829"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ScadaBR", "due_date": "2025-12-19", "date_added": "2025-11-28", "vendorProject": "OpenPLC", "vulnerabilityName": "OpenPLC ScadaBR Cross-site Scripting Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7db0e106-d262-4d20-a0a1-6ddd4bf91768", "vulnerability": {"vulnId": "CVE-2025-61757", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-21T00:00:00+00:00"}, "gcve": {"object_uuid": "7db0e106-d262-4d20-a0a1-6ddd4bf91768", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-11-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability | Affected: Oracle / Fusion Middleware | Description: Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.oracle.com/security-alerts/cpuoct2025.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61757"}, "references": [{"id": "CVE-2025-61757", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-61757"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Fusion Middleware", "due_date": "2025-12-12", "date_added": "2025-11-21", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9822f051-1b06-4d96-ba84-0c87d5dd1e63", "vulnerability": {"vulnId": "CVE-2025-13223", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-19T00:00:00+00:00"}, "gcve": {"object_uuid": "9822f051-1b06-4d96-ba84-0c87d5dd1e63", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-11-19T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 contains a type confusion vulnerability that allows for heap corruption. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2025/11/stable-channel-update-for-desktop_17.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-13223"}, "references": [{"id": "CVE-2025-13223", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-13223"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2025-12-10", "date_added": "2025-11-19", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ea3b9b92-e2bb-4910-a611-ef3cb107f078", "vulnerability": {"vulnId": "CVE-2025-58034", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-18T00:00:00+00:00"}, "gcve": {"object_uuid": "ea3b9b92-e2bb-4910-a611-ef3cb107f078", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-11-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiWeb OS Command Injection Vulnerability | Affected: Fortinet / FortiWeb | Description: Fortinet FortiWeb contains an OS command Injection vulnerability that may allow an authenticated attacker to execute unauthorized code on the underlying system via crafted HTTP requests or CLI commands. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://fortiguard.fortinet.com/psirt/FG-IR-25-513 ; https://nvd.nist.gov/vuln/detail/CVE-2025-58034"}, "references": [{"id": "CVE-2025-58034", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-58034"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiWeb", "due_date": "2025-11-25", "date_added": "2025-11-18", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiWeb OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7b8bf274-3de5-4bce-93db-9575daf87869", "vulnerability": {"vulnId": "CVE-2025-64446", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-14T00:00:00+00:00"}, "gcve": {"object_uuid": "7b8bf274-3de5-4bce-93db-9575daf87869", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-11-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiWeb Path Traversal Vulnerability | Affected: Fortinet / FortiWeb | Description: Fortinet FortiWeb contains a relative path traversal vulnerability that may allow an unauthenticated attacker to execute administrative commands on the system via crafted HTTP or HTTPS requests. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.fortiguard.com/psirt/FG-IR-25-910 ; https://nvd.nist.gov/vuln/detail/CVE-2025-64446"}, "references": [{"id": "CVE-2025-64446", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-64446"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-23"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiWeb", "due_date": "2025-11-21", "date_added": "2025-11-14", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiWeb Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a46ec38f-dd45-4cac-919a-9d39e06b6334", "vulnerability": {"vulnId": "CVE-2025-12480", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-12T00:00:00+00:00"}, "gcve": {"object_uuid": "a46ec38f-dd45-4cac-919a-9d39e06b6334", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-11-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Gladinet Triofox Improper Access Control Vulnerability | Affected: Gladinet / Triofox | Description: Gladinet Triofox contains an improper access control vulnerability that allows access to initial setup pages even after setup is complete. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://access.triofox.com/releases_history ; https://nvd.nist.gov/vuln/detail/CVE-2025-12480"}, "references": [{"id": "CVE-2025-12480", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-12480"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Triofox", "due_date": "2025-12-03", "date_added": "2025-11-12", "vendorProject": "Gladinet", "vulnerabilityName": "Gladinet Triofox Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d8fbc910-3242-4f6e-ab55-164e43ede46a", "vulnerability": {"vulnId": "CVE-2025-9242", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-12T00:00:00+00:00"}, "gcve": {"object_uuid": "d8fbc910-3242-4f6e-ab55-164e43ede46a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-11-12T00:00:00Z"}, "scope": {"notes": "KEV entry: WatchGuard Firebox Out-of-Bounds Write Vulnerability | Affected: WatchGuard / Firebox | Description: WatchGuard Firebox contains an out-of-bounds write vulnerability in the OS iked process that may allow a remote unauthenticated attacker to execute arbitrary code. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015 ; https://nvd.nist.gov/vuln/detail/CVE-2025-9242"}, "references": [{"id": "CVE-2025-9242", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-9242"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firebox", "due_date": "2025-12-03", "date_added": "2025-11-12", "vendorProject": "WatchGuard", "vulnerabilityName": "WatchGuard Firebox Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ed4c1ade-8654-4385-b279-1644f1aefd82", "vulnerability": {"vulnId": "CVE-2025-62215", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-12T00:00:00+00:00"}, "gcve": {"object_uuid": "ed4c1ade-8654-4385-b279-1644f1aefd82", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-11-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Race Condition Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Kernel contains a race condition vulnerability that allows a local attacker with low-level privileges to escalate privileges. Successful exploitation of this vulnerability could enable the attacker to gain SYSTEM-level access. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-62215 ; https://nvd.nist.gov/vuln/detail/CVE-2025-62215"}, "references": [{"id": "CVE-2025-62215", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-62215"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-362"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-12-03", "date_added": "2025-11-12", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Race Condition Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "20521150-22f6-412f-9e36-69d6a1a69c22", "vulnerability": {"vulnId": "CVE-2025-21042", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-10T00:00:00+00:00"}, "gcve": {"object_uuid": "20521150-22f6-412f-9e36-69d6a1a69c22", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-11-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Samsung Mobile Devices Out-of-Bounds Write Vulnerability | Affected: Samsung / Mobile Devices | Description: Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. This vulnerability could allow remote attackers to execute arbitrary code. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-12-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=04 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21042"}, "references": [{"id": "CVE-2025-21042", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-21042"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mobile Devices", "due_date": "2025-12-01", "date_added": "2025-11-10", "vendorProject": "Samsung", "vulnerabilityName": "Samsung Mobile Devices Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9fa2e734-fa83-44f2-88fb-26ccfec65e42", "vulnerability": {"vulnId": "CVE-2025-11371", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-04T00:00:00+00:00"}, "gcve": {"object_uuid": "9fa2e734-fa83-44f2-88fb-26ccfec65e42", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-11-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability | Affected: Gladinet / CentreStack and Triofox | Description: Gladinet CentreStack and Triofox contains a files or directories accessible to external parties vulnerability that allows unintended disclosure of system files. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.centrestack.com/p/gce_latest_release.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-11371"}, "references": [{"id": "CVE-2025-11371", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-11371"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-552"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "CentreStack and Triofox", "due_date": "2025-11-25", "date_added": "2025-11-04", "vendorProject": "Gladinet", "vulnerabilityName": "Gladinet CentreStack and Triofox Files or Directories Accessible to External Parties Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "36f568d8-949f-4877-b786-abdfdae9347e", "vulnerability": {"vulnId": "CVE-2025-48703", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-11-04T00:00:00+00:00"}, "gcve": {"object_uuid": "36f568d8-949f-4877-b786-abdfdae9347e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-11-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-11-04T00:00:00Z"}, "scope": {"notes": "KEV entry: CWP Control Web Panel OS Command Injection Vulnerability | Affected: CWP / Control Web Panel | Description: CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command Injection vulnerability that allows unauthenticated remote code execution via shell metacharacters in the t_total parameter in a filemanager changePerm request. A valid non-root username must be known. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://control-webpanel.com/changelog ; https://nvd.nist.gov/vuln/detail/CVE-2025-48703"}, "references": [{"id": "CVE-2025-48703", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-48703"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Control Web Panel", "due_date": "2025-11-25", "date_added": "2025-11-04", "vendorProject": "CWP", "vulnerabilityName": "CWP Control Web Panel OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1014d598-5e94-4dd2-80ba-5b78361a2be4", "vulnerability": {"vulnId": "CVE-2025-24893", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1014d598-5e94-4dd2-80ba-5b78361a2be4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-30T00:00:00Z"}, "scope": {"notes": "KEV entry: XWiki Platform Eval Injection Vulnerability | Affected: XWiki / Platform | Description: XWiki Platform contains an eval injection vulnerability that could allow any guest to perform arbitrary remote code execution through a request to SolrSearch. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rr6p-3pfg-562j ; https://nvd.nist.gov/vuln/detail/CVE-2025-24893"}, "references": [{"id": "CVE-2025-24893", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-24893"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-95"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Platform", "due_date": "2025-11-20", "date_added": "2025-10-30", "vendorProject": "XWiki", "vulnerabilityName": "XWiki Platform Eval Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9fd4b32e-9fdc-4ef0-9be1-835efead37fb", "vulnerability": {"vulnId": "CVE-2025-41244", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9fd4b32e-9fdc-4ef0-9be1-835efead37fb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability | Affected: Broadcom / VMware Aria Operations and VMware Tools | Description: Broadcom VMware Aria Operations and VMware Tools contain a privilege defined with unsafe actions vulnerability. A malicious local actor with non-administrative privileges having access to a VM with VMware Tools installed and managed by Aria Operations with SDMP enabled may exploit this vulnerability to escalate privileges to root on the same VM. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/36149 ; https://nvd.nist.gov/vuln/detail/CVE-2025-41244"}, "references": [{"id": "CVE-2025-41244", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-41244"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-267"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "VMware Aria Operations and VMware Tools", "due_date": "2025-11-20", "date_added": "2025-10-30", "vendorProject": "Broadcom", "vulnerabilityName": "Broadcom VMware Aria Operations and VMware Tools Privilege Defined with Unsafe Actions Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fd1f0721-5bdd-4f22-a03c-10f8d71385a2", "vulnerability": {"vulnId": "CVE-2025-6205", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-28T00:00:00+00:00"}, "gcve": {"object_uuid": "fd1f0721-5bdd-4f22-a03c-10f8d71385a2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Dassault Syst\u00e8mes DELMIA Apriso Missing Authorization Vulnerability | Affected: Dassault Syst\u00e8mes / DELMIA Apriso | Description: Dassault Syst\u00e8mes DELMIA Apriso contains a missing authorization vulnerability that could allow an attacker to gain privileged access to the application. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6205 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6205"}, "references": [{"id": "CVE-2025-6205", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-6205"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-862"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DELMIA Apriso", "due_date": "2025-11-18", "date_added": "2025-10-28", "vendorProject": "Dassault Syst\u00e8mes", "vulnerabilityName": "Dassault Syst\u00e8mes DELMIA Apriso Missing Authorization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "89bd70cf-33e3-43d9-bc72-f5a316fd9bd7", "vulnerability": {"vulnId": "CVE-2025-6204", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-28T00:00:00+00:00"}, "gcve": {"object_uuid": "89bd70cf-33e3-43d9-bc72-f5a316fd9bd7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Dassault Syst\u00e8mes DELMIA Apriso Code Injection Vulnerability | Affected: Dassault Syst\u00e8mes / DELMIA Apriso | Description: Dassault Syst\u00e8mes DELMIA Apriso contains a code injection vulnerability that could allow an attacker to execute arbitrary code. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.3ds.com/trust-center/security/security-advisories/cve-2025-6204 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6204"}, "references": [{"id": "CVE-2025-6204", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-6204"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DELMIA Apriso", "due_date": "2025-11-18", "date_added": "2025-10-28", "vendorProject": "Dassault Syst\u00e8mes", "vulnerabilityName": "Dassault Syst\u00e8mes DELMIA Apriso Code Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "003f07c3-4b1e-4dc4-99d8-ca33d0431528", "vulnerability": {"vulnId": "CVE-2025-59287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "003f07c3-4b1e-4dc4-99d8-ca33d0431528", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Server Update Service (WSUS) contains a deserialization of untrusted data vulnerability that allows for remote code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59287 ; https://nvd.nist.gov/vuln/detail/CVE-2025-59287"}, "references": [{"id": "CVE-2025-59287", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-59287"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-11-14", "date_added": "2025-10-24", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Server Update Service (WSUS) Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4f1dc8bc-f1c6-497f-8b18-5f8ae3ee8a5e", "vulnerability": {"vulnId": "CVE-2025-54236", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "4f1dc8bc-f1c6-497f-8b18-5f8ae3ee8a5e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability | Affected: Adobe / Commerce and\u202fMagento | Description: Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://experienceleague.adobe.com/en/docs/experience-cloud-kcs/kbarticles/ka-27397 ; https://nvd.nist.gov/vuln/detail/CVE-2025-54236"}, "references": [{"id": "CVE-2025-54236", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-54236"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Commerce and\u202fMagento", "due_date": "2025-11-14", "date_added": "2025-10-24", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Commerce and\u202fMagento Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "837113a8-92b5-4c44-b409-f722ac7d1983", "vulnerability": {"vulnId": "CVE-2025-61932", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-22T00:00:00+00:00"}, "gcve": {"object_uuid": "837113a8-92b5-4c44-b409-f722ac7d1983", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability | Affected: Motex / LANSCOPE Endpoint Manager | Description: Motex LANSCOPE Endpoint Manager contains an improper verification of source of a communication channel vulnerability allowing an attacker to execute arbitrary code by sending specially crafted packets. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.motex.co.jp/news/notice/2025/release251020/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-61932"}, "references": [{"id": "CVE-2025-61932", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-61932"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-940"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "LANSCOPE Endpoint Manager", "due_date": "2025-11-12", "date_added": "2025-10-22", "vendorProject": "Motex", "vulnerabilityName": "Motex LANSCOPE Endpoint Manager Improper Verification of Source of a Communication Channel Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "93d74598-7e4e-46bc-8806-7233c367e9dd", "vulnerability": {"vulnId": "CVE-2022-48503", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-20T00:00:00+00:00"}, "gcve": {"object_uuid": "93d74598-7e4e-46bc-8806-7233c367e9dd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-20T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-20T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Unspecified Vulnerability | Affected: Apple / Multiple Products | Description: Apple macOS, iOS, tvOS, Safari, and watchOS contain an unspecified vulnerability in JavaScriptCore that when processing web content may lead to arbitrary code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213340 ; https://support.apple.com/en-us/HT213341 ; https://support.apple.com/en-us/HT213342 ; https://support.apple.com/en-us/HT213345 ; https://support.apple.com/en-us/HT213346 ; https://nvd.nist.gov/vuln/detail/CVE-2022-48503"}, "references": [{"id": "CVE-2022-48503", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-48503"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2025-11-10", "date_added": "2025-10-20", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "96c2a03b-51cd-4eef-9865-269a2b881c16", "vulnerability": {"vulnId": "CVE-2025-33073", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-20T00:00:00+00:00"}, "gcve": {"object_uuid": "96c2a03b-51cd-4eef-9865-269a2b881c16", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-20T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-20T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows SMB Client Improper Access Control Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows SMB Client contains an improper access control vulnerability that could allow for privilege escalation. An attacker could execute a specially crafted malicious script to coerce the victim machine to connect back to the attack system using SMB and authenticate. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-33073 ; https://nvd.nist.gov/vuln/detail/CVE-2025-33073"}, "references": [{"id": "CVE-2025-33073", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-33073"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-11-10", "date_added": "2025-10-20", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows SMB Client Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "09cc78e6-cce2-46dc-a0f3-eabb728f91e4", "vulnerability": {"vulnId": "CVE-2025-2747", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-20T00:00:00+00:00"}, "gcve": {"object_uuid": "09cc78e6-cce2-46dc-a0f3-eabb728f91e4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-20T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-20T00:00:00Z"}, "scope": {"notes": "KEV entry: Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability | Affected: Kentico / Xperience CMS | Description: Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2747"}, "references": [{"id": "CVE-2025-2747", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-2747"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Xperience CMS", "due_date": "2025-11-10", "date_added": "2025-10-20", "vendorProject": "Kentico", "vulnerabilityName": "Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "835851a8-d56c-4109-bf0a-aacca3b6ccf9", "vulnerability": {"vulnId": "CVE-2025-61884", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-20T00:00:00+00:00"}, "gcve": {"object_uuid": "835851a8-d56c-4109-bf0a-aacca3b6ccf9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-20T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-20T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability | Affected: Oracle / E-Business Suite | Description: Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-10 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.oracle.com/security-alerts/alert-cve-2025-61884.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61884"}, "references": [{"id": "CVE-2025-61884", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-61884"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "E-Business Suite", "due_date": "2025-11-10", "date_added": "2025-10-20", "vendorProject": "Oracle", "vulnerabilityName": "Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "237aa89d-a7f6-4c3d-8d70-c72952d464d4", "vulnerability": {"vulnId": "CVE-2025-2746", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-20T00:00:00+00:00"}, "gcve": {"object_uuid": "237aa89d-a7f6-4c3d-8d70-c72952d464d4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-20T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-20T00:00:00Z"}, "scope": {"notes": "KEV entry: Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability | Affected: Kentico / Xperience CMS | Description: Kentico Xperience CMS contains an authentication bypass using an alternate path or channel vulnerability that could allow an attacker to control administrative objects. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://devnet.kentico.com/download/hotfixes ; https://nvd.nist.gov/vuln/detail/CVE-2025-2746"}, "references": [{"id": "CVE-2025-2746", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-2746"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Xperience CMS", "due_date": "2025-11-10", "date_added": "2025-10-20", "vendorProject": "Kentico", "vulnerabilityName": "Kentico Xperience CMS Authentication Bypass Using an Alternate Path or Channel Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "88b9cd52-185e-4de9-a2c1-82a3c7169be4", "vulnerability": {"vulnId": "CVE-2025-54253", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-15T00:00:00+00:00"}, "gcve": {"object_uuid": "88b9cd52-185e-4de9-a2c1-82a3c7169be4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Experience Manager Forms Code Execution Vulnerability | Affected: Adobe / Experience Manager (AEM) Forms | Description: Adobe Experience Manager Forms in JEE contains an unspecified vulnerability that allows for arbitrary code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://helpx.adobe.com/security/products/aem-forms/apsb25-82.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-54253"}, "references": [{"id": "CVE-2025-54253", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-54253"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Experience Manager (AEM) Forms", "due_date": "2025-11-05", "date_added": "2025-10-15", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Experience Manager Forms Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f9421cbe-c57d-48dd-b04a-cbcc9922a63d", "vulnerability": {"vulnId": "CVE-2025-59230", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-14T00:00:00+00:00"}, "gcve": {"object_uuid": "f9421cbe-c57d-48dd-b04a-cbcc9922a63d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Improper Access Control Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows contains an improper access control vulnerability in Windows Remote Access Connection Manager which could allow an authorized attacker to elevate privileges locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-59230 ; https://nvd.nist.gov/vuln/detail/CVE-2025-59230"}, "references": [{"id": "CVE-2025-59230", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-59230"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-11-04", "date_added": "2025-10-14", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d7e9e75e-0b81-4303-902b-d2ba3bee4622", "vulnerability": {"vulnId": "CVE-2016-7836", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-14T00:00:00+00:00"}, "gcve": {"object_uuid": "d7e9e75e-0b81-4303-902b-d2ba3bee4622", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-14T00:00:00Z"}, "scope": {"notes": "KEV entry: SKYSEA Client View Improper Authentication Vulnerability | Affected: SKYSEA / Client View | Description: SKYSEA Client View contains an improper authentication vulnerability that allows remote code execution via a flaw in processing authentication on the TCP connection with the management console program. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.skyseaclientview.net/news/161221/ ; https://nvd.nist.gov/vuln/detail/CVE-2016-7836"}, "references": [{"id": "CVE-2016-7836", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-7836"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Client View", "due_date": "2025-11-04", "date_added": "2025-10-14", "vendorProject": "SKYSEA", "vulnerabilityName": "SKYSEA Client View Improper Authentication Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "54ed79ab-52dd-453f-af67-52767e354b2c", "vulnerability": {"vulnId": "CVE-2025-47827", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-14T00:00:00+00:00"}, "gcve": {"object_uuid": "54ed79ab-52dd-453f-af67-52767e354b2c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-14T00:00:00Z"}, "scope": {"notes": "KEV entry: IGEL OS Use of a Key Past its Expiration Date Vulnerability | Affected: IGEL / IGEL OS | Description: IGEL OS contains a use of a key past its expiration date vulnerability that allows for Secure Boot bypass. The igel-flash-driver module improperly verifies a cryptographic signature. Ultimately, a crafted root filesystem can be mounted from an unverified SquashFS image. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-47827 ; https://nvd.nist.gov/vuln/detail/CVE-2025-47827"}, "references": [{"id": "CVE-2025-47827", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-47827"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-324"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IGEL OS", "due_date": "2025-11-04", "date_added": "2025-10-14", "vendorProject": "IGEL", "vulnerabilityName": "IGEL OS Use of a Key Past its Expiration Date Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "eaf1cbe7-2d0a-4fcd-ad55-d8ee729321de", "vulnerability": {"vulnId": "CVE-2025-24990", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-14T00:00:00+00:00"}, "gcve": {"object_uuid": "eaf1cbe7-2d0a-4fcd-ad55-d8ee729321de", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Untrusted Pointer Dereference Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Agere Modem Driver contains an untrusted pointer dereference vulnerability that allows for privilege escalation. An attacker who successfully exploited this vulnerability could gain administrator privileges. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-11-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24990 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24990"}, "references": [{"id": "CVE-2025-24990", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-24990"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-822"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-11-04", "date_added": "2025-10-14", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Untrusted Pointer Dereference Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "33171cb8-b7c2-4930-b136-606514a936cd", "vulnerability": {"vulnId": "CVE-2021-43798", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-09T00:00:00+00:00"}, "gcve": {"object_uuid": "33171cb8-b7c2-4930-b136-606514a936cd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Grafana Path Traversal Vulnerability | Affected: Grafana Labs / Grafana | Description: Grafana contains a path traversal vulnerability that could allow access to local files. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://grafana.com/blog/2021/12/07/grafana-8.3.1-8.2.7-8.1.8-and-8.0.7-released-with-high-severity-security-fix/ ; https://nvd.nist.gov/vuln/detail/CVE-2021-43798"}, "references": [{"id": "CVE-2021-43798", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-43798"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Grafana", "due_date": "2025-10-30", "date_added": "2025-10-09", "vendorProject": "Grafana Labs", "vulnerabilityName": "Grafana Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f0c13b0d-ff14-4e8a-94fb-cdbbd19f2678", "vulnerability": {"vulnId": "CVE-2025-27915", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-07T00:00:00+00:00"}, "gcve": {"object_uuid": "f0c13b0d-ff14-4e8a-94fb-cdbbd19f2678", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability | Affected: Synacor / Zimbra Collaboration Suite (ZCS) | Description: Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that exists in the Classic Web Client due to insufficient sanitization of HTML content in ICS files. When a user views an e-mail message containing a malicious ICS entry, its embedded JavaScript executes via an ontoggle event inside a tag. This allows an attacker to run arbitrary JavaScript within the victim's session, potentially leading to unauthorized actions such as setting e-mail filters to redirect messages to an attacker-controlled address. As a result, an attacker can perform unauthorized actions on the victim's account, including e-mail redirection and data exfiltration. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://wiki.zimbra.com/wiki/Security_Center ; https://nvd.nist.gov/vuln/detail/CVE-2025-27915"}, "references": [{"id": "CVE-2025-27915", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-27915"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Zimbra Collaboration Suite (ZCS)", "due_date": "2025-10-28", "date_added": "2025-10-07", "vendorProject": "Synacor", "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Cross-site Scripting Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f026300a-3f65-4545-87e2-31fc879e710e", "vulnerability": {"vulnId": "CVE-2025-61882", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-06T00:00:00+00:00"}, "gcve": {"object_uuid": "f026300a-3f65-4545-87e2-31fc879e710e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-06T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle E-Business Suite Unspecified Vulnerability | Affected: Oracle / E-Business Suite | Description: Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows an unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks can result in takeover of Oracle Concurrent Processing. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-27 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.oracle.com/security-alerts/alert-cve-2025-61882.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-61882"}, "references": [{"id": "CVE-2025-61882", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-61882"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "E-Business Suite", "due_date": "2025-10-27", "date_added": "2025-10-06", "vendorProject": "Oracle", "vulnerabilityName": "Oracle E-Business Suite Unspecified Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "4b092c95-342f-4389-97b6-c05e3b92fe53", "vulnerability": {"vulnId": "CVE-2021-43226", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-06T00:00:00+00:00"}, "gcve": {"object_uuid": "4b092c95-342f-4389-97b6-c05e3b92fe53", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-06T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Common Log File System Driver contains a privilege escalation vulnerability that could allow a local, privileged attacker to bypass certain security mechanisms. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-43226 ; https://nvd.nist.gov/vuln/detail/CVE-2021-43226"}, "references": [{"id": "CVE-2021-43226", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-43226"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-10-27", "date_added": "2025-10-06", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "840d0463-efa3-46ab-806a-874862b51646", "vulnerability": {"vulnId": "CVE-2010-3765", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-06T00:00:00+00:00"}, "gcve": {"object_uuid": "840d0463-efa3-46ab-806a-874862b51646", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-06T00:00:00Z"}, "scope": {"notes": "KEV entry: Mozilla Multiple Products Remote Code Execution Vulnerability | Affected: Mozilla / Multiple Products | Description: Mozilla Firefox, SeaMonkey, and Thunderbird contain an unspecified vulnerability when JavaScript is enabled. This allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.mozilla.org/en-US/security/advisories/mfsa2010-73 ; https://nvd.nist.gov/vuln/detail/CVE-2010-3765"}, "references": [{"id": "CVE-2010-3765", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-3765"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2025-10-27", "date_added": "2025-10-06", "vendorProject": "Mozilla", "vulnerabilityName": "Mozilla Multiple Products Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c266ced1-d925-4e85-abed-4ecb621aaa53", "vulnerability": {"vulnId": "CVE-2021-22555", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-06T00:00:00+00:00"}, "gcve": {"object_uuid": "c266ced1-d925-4e85-abed-4ecb621aaa53", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-06T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Heap Out-of-Bounds Write Vulnerability | Affected: Linux / Kernel | Description: Linux Kernel contains a heap out-of-bounds write vulnerability that could allow an attacker to gain privileges or cause a DoS (via heap memory corruption) through user name space. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=9fa492cdc160cd27ce1046cb36f47d3b2b1efa21 ; https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/net/netfilter/x_tables.c?id=b29c457a6511435960115c0f548c4360d5f4801d ; https://security.netapp.com/advisory/ntap-20210805-0010/ ; https://github.com/google/security-research/security/advisories/GHSA-xxx5-8mvq-3528 ; https://nvd.nist.gov/vuln/detail/CVE-2021-22555"}, "references": [{"id": "CVE-2021-22555", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22555"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2025-10-27", "date_added": "2025-10-06", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Heap Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "efa8ef0e-acdc-47b4-8451-8d32b135d25e", "vulnerability": {"vulnId": "CVE-2011-3402", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-06T00:00:00+00:00"}, "gcve": {"object_uuid": "efa8ef0e-acdc-47b4-8451-8d32b135d25e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-06T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Kernel contains an unspecified vulnerability in the TrueType font parsing engine in win32k.sys in the kernel-mode drivers that allows remote attackers to execute arbitrary code via crafted font data in a Word document or web page. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://docs.microsoft.com/en-us/security-updates/securitybulletins/2011/ms11-087 ; https://nvd.nist.gov/vuln/detail/CVE-2011-3402"}, "references": [{"id": "CVE-2011-3402", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2011-3402"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-10-27", "date_added": "2025-10-06", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "26edd392-dae0-49bc-ac05-fdbcc1689c83", "vulnerability": {"vulnId": "CVE-2013-3918", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-06T00:00:00+00:00"}, "gcve": {"object_uuid": "26edd392-dae0-49bc-ac05-fdbcc1689c83", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-06T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Out-of-Bounds Write Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows contains an out-of-bounds write vulnerability in the InformationCardSigninHelper Class ActiveX control, icardie.dll. An attacker could exploit the vulnerability by constructing a specially crafted webpage. When a user views the webpage, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://docs.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-090 ; https://nvd.nist.gov/vuln/detail/CVE-2013-3918"}, "references": [{"id": "CVE-2013-3918", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-3918"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-10-27", "date_added": "2025-10-06", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fc27b54a-e79c-40c3-b141-be60acba7b1a", "vulnerability": {"vulnId": "CVE-2010-3962", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-06T00:00:00+00:00"}, "gcve": {"object_uuid": "fc27b54a-e79c-40c3-b141-be60acba7b1a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-06T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains an uninitialized memory corruption vulnerability that could allow for remote code execution. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://learn.microsoft.com/en-us/security-updates/SecurityAdvisories/2010/2458511?redirectedfrom=MSDN ; https://nvd.nist.gov/vuln/detail/CVE-2010-3962"}, "references": [{"id": "CVE-2010-3962", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-3962"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2025-10-27", "date_added": "2025-10-06", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Uninitialized Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e8854478-5ed3-4e71-9f1a-f7819314f092", "vulnerability": {"vulnId": "CVE-2025-4008", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-02T00:00:00+00:00"}, "gcve": {"object_uuid": "e8854478-5ed3-4e71-9f1a-f7819314f092", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Smartbedded Meteobridge Command Injection Vulnerability | Affected: Smartbedded / Meteobridge | Description: Smartbedded Meteobridge contains a command injection vulnerability that could allow remote unauthenticated attackers to gain arbitrary command execution with elevated privileges (root) on affected devices. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://forum.meteohub.de/viewtopic.php?t=18687 ; https://nvd.nist.gov/vuln/detail/CVE-2025-4008"}, "references": [{"id": "CVE-2025-4008", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-4008"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306", "CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Meteobridge", "due_date": "2025-10-23", "date_added": "2025-10-02", "vendorProject": "Smartbedded", "vulnerabilityName": "Smartbedded Meteobridge Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "da49d3a6-54e5-40e3-add3-e0f4774085eb", "vulnerability": {"vulnId": "CVE-2015-7755", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-02T00:00:00+00:00"}, "gcve": {"object_uuid": "da49d3a6-54e5-40e3-add3-e0f4774085eb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Juniper ScreenOS Improper Authentication Vulnerability | Affected: Juniper / ScreenOS | Description: Juniper ScreenOS contains an improper authentication vulnerability that could allow unauthorized remote administrative access to the device. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://supportportal.juniper.net/s/article/2015-12-Out-of-Cycle-Security-Bulletin-ScreenOS-Multiple-Security-issues-with-ScreenOS-CVE-2015-7755-CVE-2015-7756 ; https://nvd.nist.gov/vuln/detail/CVE-2015-7755"}, "references": [{"id": "CVE-2015-7755", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-7755"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ScreenOS", "due_date": "2025-10-23", "date_added": "2025-10-02", "vendorProject": "Juniper", "vulnerabilityName": "Juniper ScreenOS Improper Authentication Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fa43157a-b0f8-4785-b354-6d5d8ba08e5a", "vulnerability": {"vulnId": "CVE-2014-6278", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-02T00:00:00+00:00"}, "gcve": {"object_uuid": "fa43157a-b0f8-4785-b354-6d5d8ba08e5a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-02T00:00:00Z"}, "scope": {"notes": "KEV entry: GNU Bash OS Command Injection Vulnerability | Affected: GNU / GNU Bash | Description: GNU Bash contains an OS command injection vulnerability which allows remote attackers to execute arbitrary commands via a crafted environment. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.  | Due date: 2025-10-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: http://ftp.gnu.org/gnu/bash/bash-4.3-patches/bash43-027 ; https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23467 ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20140926-bash ; https://www.ibm.com/support/pages/security-bulletin-update-vulnerabilities-bash-affect-aix-toolbox-linux-applications-cve-2014-6271-cve-2014-6277-cve-2014-6278-cve-2014-7169-cve-2014-7186-and-cve-2014-7187 ; https://nvd.nist.gov/vuln/detail/CVE-2014-6278"}, "references": [{"id": "CVE-2014-6278", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-6278"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "GNU Bash", "due_date": "2025-10-23", "date_added": "2025-10-02", "vendorProject": "GNU", "vulnerabilityName": "GNU Bash OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7f1d1b0e-6361-49fc-b7d6-9013c9f7856f", "vulnerability": {"vulnId": "CVE-2017-1000353", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-02T00:00:00+00:00"}, "gcve": {"object_uuid": "7f1d1b0e-6361-49fc-b7d6-9013c9f7856f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Jenkins Remote Code Execution Vulnerability | Affected: Jenkins / Jenkins | Description: Jenkins contains a remote code execution vulnerability. This vulnerability could allow attackers to transfer a serialized Java SignedObject object to the remoting-based Jenkins CLI, that would be deserialized using a new ObjectInputStream, bypassing the existing blocklist-based protection mechanism. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.jenkins.io/security/advisory/2017-04-26/ ; https://nvd.nist.gov/vuln/detail/CVE-2017-1000353"}, "references": [{"id": "CVE-2017-1000353", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-1000353"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Jenkins", "due_date": "2025-10-23", "date_added": "2025-10-02", "vendorProject": "Jenkins", "vulnerabilityName": "Jenkins Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e9d883c5-f256-46bd-8aef-f3eb6e596178", "vulnerability": {"vulnId": "CVE-2025-21043", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-10-02T00:00:00+00:00"}, "gcve": {"object_uuid": "e9d883c5-f256-46bd-8aef-f3eb6e596178", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-10-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-10-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Samsung Mobile Devices Out-of-Bounds Write Vulnerability | Affected: Samsung / Mobile Devices | Description: Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.samsungmobile.com/securityUpdate.smsb?year=2025&month=09 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21043"}, "references": [{"id": "CVE-2025-21043", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-21043"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mobile Devices", "due_date": "2025-10-23", "date_added": "2025-10-02", "vendorProject": "Samsung", "vulnerabilityName": "Samsung Mobile Devices Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e6c095ff-cb28-4ca5-bc73-47d29d053347", "vulnerability": {"vulnId": "CVE-2025-10035", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-29T00:00:00+00:00"}, "gcve": {"object_uuid": "e6c095ff-cb28-4ca5-bc73-47d29d053347", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-09-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability | Affected: Fortra / GoAnywhere MFT | Description: Fortra GoAnywhere MFT contains a deserialization of untrusted data vulnerability that allows an actor with a validly forged license response signature to deserialize an arbitrary actor-controlled object, possibly leading to command injection. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-20 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.fortra.com/security/advisories/product-security/fi-2025-012 ; https://nvd.nist.gov/vuln/detail/CVE-2025-10035"}, "references": [{"id": "CVE-2025-10035", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-10035"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502", "CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "GoAnywhere MFT", "due_date": "2025-10-20", "date_added": "2025-09-29", "vendorProject": "Fortra", "vulnerabilityName": "Fortra GoAnywhere MFT Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "61b543f6-d473-4ca6-b086-097084df5d5c", "vulnerability": {"vulnId": "CVE-2025-59689", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-29T00:00:00+00:00"}, "gcve": {"object_uuid": "61b543f6-d473-4ca6-b086-097084df5d5c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-09-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Libraesva Email Security Gateway Command Injection Vulnerability | Affected: Libraesva / Email Security Gateway | Description: Libraesva Email Security Gateway (ESG) contains a command injection vulnerability which allows command injection via a compressed e-mail attachment. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://docs.libraesva.com/knowledgebase/security-advisory-command-injection-vulnerability-cve-2025-59689/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-59689"}, "references": [{"id": "CVE-2025-59689", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-59689"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Email Security Gateway", "due_date": "2025-10-20", "date_added": "2025-09-29", "vendorProject": "Libraesva", "vulnerabilityName": "Libraesva Email Security Gateway Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "621a3010-8ed8-40c4-a281-67b3a7e893e4", "vulnerability": {"vulnId": "CVE-2025-20352", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-29T00:00:00+00:00"}, "gcve": {"object_uuid": "621a3010-8ed8-40c4-a281-67b3a7e893e4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-09-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability | Affected: Cisco / IOS and IOS XE | Description: Cisco IOS and IOS XE contains a stack-based buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) subsystem that could allow for denial of service or remote code execution. A successful exploit could allow a low-privileged attacker to cause the affected system to reload, resulting in a DoS condition, or allow a high-privileged attacker to execute arbitrary code as the root user and obtain full control of the affected system. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. 
| Due date: 2025-10-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-x4LPhte ; https://nvd.nist.gov/vuln/detail/CVE-2025-20352"}, "references": [{"id": "CVE-2025-20352", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-20352"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-121"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE", "due_date": "2025-10-20", "date_added": "2025-09-29", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "948b89c9-8eae-4dc8-afaa-5e23fc0852d9", "vulnerability": {"vulnId": "CVE-2021-21311", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-29T00:00:00+00:00"}, "gcve": {"object_uuid": "948b89c9-8eae-4dc8-afaa-5e23fc0852d9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-09-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Adminer Server-Side Request Forgery Vulnerability | Affected: Adminer / Adminer | Description: Adminer contains a server-side request forgery vulnerability that, when exploited, allows a remote attacker to obtain potentially sensitive information. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/vrana/adminer/security/advisories/GHSA-x5r2-hj5c-8jx6 ; https://nvd.nist.gov/vuln/detail/CVE-2021-21311"}, "references": [{"id": "CVE-2021-21311", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-21311"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Adminer", "due_date": "2025-10-20", "date_added": "2025-09-29", "vendorProject": "Adminer", "vulnerabilityName": "Adminer Server-Side Request Forgery Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "216dcc3b-ba75-46c3-bd07-8bac789a7566", "vulnerability": {"vulnId": "CVE-2025-32463", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-29T00:00:00+00:00"}, "gcve": {"object_uuid": "216dcc3b-ba75-46c3-bd07-8bac789a7566", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-09-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability | Affected: Sudo / Sudo | Description: Sudo contains an inclusion of functionality from untrusted control sphere vulnerability. This vulnerability could allow local attacker to leverage sudo\u2019s -R (--chroot) option to run arbitrary commands as root, even if they are not listed in the sudoers file. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. 
For more information, please see: https://www.sudo.ws/security/advisories/chroot_bug/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-32463"}, "references": [{"id": "CVE-2025-32463", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-32463"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-829"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Sudo", "due_date": "2025-10-20", "date_added": "2025-09-29", "vendorProject": "Sudo", "vulnerabilityName": "Sudo Inclusion of Functionality from Untrusted Control Sphere Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e0b0ae2b-594b-4925-987b-732989e7e591", "vulnerability": {"vulnId": "CVE-2025-20362", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-25T00:00:00+00:00"}, "gcve": {"object_uuid": "e0b0ae2b-594b-4925-987b-732989e7e591", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-09-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability | Affected: Cisco / Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | Description: Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a missing authorization vulnerability. This vulnerability could be chained with CVE-2025-20333. | Required action: The KEV due date refers to the deadline by which FCEB agencies are expected to review and begin implementing the guidance outlined in Emergency Directive (ED) 25-03 (URL listed below in Notes). Agencies must follow the mitigation steps provided by CISA (URL listed below in Notes) and vendor\u2019s instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. 
| Due date: 2025-09-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-25-03-core-dump-and-hunt-instructions ; https://www.cisa.gov/eviction-strategies-tool/create-from-template ; https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks ;   https://sec.cloudapps.cisco.com/security/center/private/resources/asa_ftd_continued_attacks#Details ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-YROOTUW ; https://nvd.nist.gov/vuln/detail/CVE-2025-20362"}, "references": [{"id": "CVE-2025-20362", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-20362"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-862"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense", "due_date": "2025-09-26", "date_added": "2025-09-25", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Missing Authorization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f66e584e-b3b3-4e66-b5e5-9ebc17381187", "vulnerability": {"vulnId": "CVE-2025-20333", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-25T00:00:00+00:00"}, "gcve": {"object_uuid": "f66e584e-b3b3-4e66-b5e5-9ebc17381187", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-09-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability | Affected: Cisco / Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense | Description: Cisco Secure Firewall Adaptive Security (ASA) Appliance and Secure Firewall Threat Defense (FTD) Software VPN Web Server contain a buffer overflow vulnerability that allows for remote code execution. This vulnerability could be chained with CVE-2025-20362. | Required action: The KEV due date refers to the deadline by which FCEB agencies are expected to review and begin implementing the guidance outlined in Emergency Directive (ED) 25-03 (URL listed below in Notes). Agencies must follow the mitigation steps provided by CISA (URL listed below in Notes) and vendor\u2019s instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. 
| Due date: 2025-09-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): CISA Mitigation Instructions: https://www.cisa.gov/news-events/directives/ed-25-03-identify-and-mitigate-potential-compromise-cisco-devices ; https://www.cisa.gov/news-events/directives/supplemental-direction-ed-25-03-core-dump-and-hunt-instructions ; https://www.cisa.gov/eviction-strategies-tool/create-from-template ; https://sec.cloudapps.cisco.com/security/center/resources/asa_ftd_continued_attacks ;    https://sec.cloudapps.cisco.com/security/center/private/resources/asa_ftd_continued_attacks#Details ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-webvpn-z5xP8EUB ; https://nvd.nist.gov/vuln/detail/CVE-2025-20333"}, "references": [{"id": "CVE-2025-20333", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-20333"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-120"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense", "due_date": "2025-09-26", "date_added": "2025-09-25", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Secure Firewall Adaptive Security Appliance (ASA) and Secure Firewall Threat Defense (FTD) Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "04bf1237-8183-4098-b547-f34a2f927dd4", "vulnerability": {"vulnId": "CVE-2025-10585", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-23T00:00:00+00:00"}, "gcve": {"object_uuid": "04bf1237-8183-4098-b547-f34a2f927dd4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-09-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium contains a type confusion vulnerability in the V8 JavaScript and WebAssembly engine. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2025/09/stable-channel-update-for-desktop_17.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-10585"}, "references": [{"id": "CVE-2025-10585", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-10585"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2025-10-14", "date_added": "2025-09-23", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1dc494e3-9c7d-4c2e-857d-78866fa6299a", "vulnerability": {"vulnId": "CVE-2025-5086", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-11T00:00:00+00:00"}, "gcve": {"object_uuid": "1dc494e3-9c7d-4c2e-857d-78866fa6299a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-09-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Dassault Syst\u00e8mes DELMIA Apriso Deserialization of Untrusted Data Vulnerability | Affected: Dassault Syst\u00e8mes / DELMIA Apriso | Description: Dassault Syst\u00e8mes DELMIA Apriso contains a deserialization of untrusted data vulnerability that could lead to a remote code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-10-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.3ds.com/trust-center/security/security-advisories/cve-2025-5086 ; https://nvd.nist.gov/vuln/detail/CVE-2025-5086"}, "references": [{"id": "CVE-2025-5086", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-5086"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DELMIA Apriso", "due_date": "2025-10-02", "date_added": "2025-09-11", "vendorProject": "Dassault Syst\u00e8mes", "vulnerabilityName": "Dassault Syst\u00e8mes DELMIA Apriso Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8919cea1-7f34-4580-93a8-d0435055dd0e", "vulnerability": {"vulnId": "CVE-2025-38352", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-04T00:00:00+00:00"}, "gcve": {"object_uuid": "8919cea1-7f34-4580-93a8-d0435055dd0e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-09-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability | Affected: Linux / Kernel | Description: Linux kernel contains a time-of-check time-of-use (TOCTOU) race condition vulnerability that has a high impact on confidentiality, integrity, and availability. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-09-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. 
For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2c72fe18cc5f9f1750f5bc148cf1c94c29e106ff ; https://source.android.com/docs/security/bulletin/2025-09-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-38352"}, "references": [{"id": "CVE-2025-38352", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-38352"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-367"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2025-09-25", "date_added": "2025-09-04", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Time-of-Check Time-of-Use (TOCTOU) Race Condition Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f573b77d-290b-4517-b163-5d1015a56800", "vulnerability": {"vulnId": "CVE-2025-48543", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-04T00:00:00+00:00"}, "gcve": {"object_uuid": "f573b77d-290b-4517-b163-5d1015a56800", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-09-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Android Runtime Use-After-Free Vulnerability | Affected: Android / Runtime | Description: Android Runtime contains a use-after-free vulnerability potentially allowing a Chrome sandbox escape leading to local privilege escalation. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-09-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://source.android.com/docs/security/bulletin/2025-09-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48543"}, "references": [{"id": "CVE-2025-48543", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-48543"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Runtime", "due_date": "2025-09-25", "date_added": "2025-09-04", "vendorProject": "Android", "vulnerabilityName": "Android Runtime Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "09bc0f3e-bcb8-43d3-969f-64a5dcf24ba5", "vulnerability": {"vulnId": "CVE-2025-53690", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-04T00:00:00+00:00"}, "gcve": {"object_uuid": "09bc0f3e-bcb8-43d3-969f-64a5dcf24ba5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-09-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability | Affected: Sitecore / Multiple Products | Description: Sitecore Experience Manager (XM), Experience Platform (XP), Experience Commerce (XC), and Managed Cloud contain a deserialization of untrusted data vulnerability involving the use of default machine keys. This flaw allows attackers to exploit exposed ASP.NET machine keys to achieve remote code execution.  | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-09-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB1003865 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53690"}, "references": [{"id": "CVE-2025-53690", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-53690"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2025-09-25", "date_added": "2025-09-04", "vendorProject": "Sitecore", "vulnerabilityName": "Sitecore Multiple Products Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "356b258f-8fdb-469b-a0e2-b4675e1cb139", "vulnerability": {"vulnId": "CVE-2023-50224", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-03T00:00:00+00:00"}, "gcve": {"object_uuid": "356b258f-8fdb-469b-a0e2-b4675e1cb139", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-09-03T00:00:00Z"}, "scope": {"notes": "KEV entry: TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability | Affected: TP-Link / TL-WR841N | Description: TP-Link TL-WR841N contains an authentication bypass by spoofing vulnerability within the httpd service, which listens on TCP port 80 by default, leading to the disclosure of stored credentials. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-09-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.tp-link.com/us/support/faq/4308/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-50224"}, "references": [{"id": "CVE-2023-50224", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-50224"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-290"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "TL-WR841N", "due_date": "2025-09-24", "date_added": "2025-09-03", "vendorProject": "TP-Link", "vulnerabilityName": "TP-Link TL-WR841N Authentication Bypass by Spoofing Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1ca3e1cd-1779-47d9-9083-48ee7620e4bc", "vulnerability": {"vulnId": "CVE-2025-9377", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1ca3e1cd-1779-47d9-9083-48ee7620e4bc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-09-03T00:00:00Z"}, "scope": {"notes": "KEV entry: TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability | Affected: TP-Link / Multiple Routers | Description: TP-Link Archer C7(EU) and TL-WR841N/ND(MS) contain an OS command injection vulnerability that exists in the Parental Control page. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-09-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.tp-link.com/us/support/faq/4308/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-9377"}, "references": [{"id": "CVE-2025-9377", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-9377"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Routers", "due_date": "2025-09-24", "date_added": "2025-09-03", "vendorProject": "TP-Link", "vulnerabilityName": "TP-Link Archer C7(EU) and TL-WR841N/ND(MS) OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bc204b52-7a10-4829-ada6-cad842bcb9d5", "vulnerability": {"vulnId": "CVE-2025-55177", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-02T00:00:00+00:00"}, "gcve": {"object_uuid": "bc204b52-7a10-4829-ada6-cad842bcb9d5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-09-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Meta Platforms WhatsApp Incorrect Authorization Vulnerability | Affected: Meta Platforms / WhatsApp | Description: Meta Platforms WhatsApp contains an incorrect authorization vulnerability due to an incomplete authorization of linked device synchronization messages. This vulnerability could allow an unrelated user to trigger processing of content from an arbitrary URL on a target\u2019s device. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-09-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.whatsapp.com/security/advisories/2025/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-55177"}, "references": [{"id": "CVE-2025-55177", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-55177"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-863"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WhatsApp", "due_date": "2025-09-23", "date_added": "2025-09-02", "vendorProject": "Meta Platforms", "vulnerabilityName": "Meta Platforms WhatsApp Incorrect Authorization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f67f420b-8eb6-4b3c-8778-e1abbf46c85d", "vulnerability": {"vulnId": "CVE-2020-24363", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-09-02T00:00:00+00:00"}, "gcve": {"object_uuid": "f67f420b-8eb6-4b3c-8778-e1abbf46c85d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-09-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-09-02T00:00:00Z"}, "scope": {"notes": "KEV entry: TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability | Affected: TP-Link / TL-WA855RE | Description: TP-link TL-WA855RE contains a missing authentication for critical function vulnerability. This vulnerability could allow an unauthenticated attacker (on the same network) to submit a TDDP_RESET POST request for a factory reset and reboot. The attacker can then obtain incorrect access control by setting a new administrative password. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-09-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.tp-link.com/us/home-networking/range-extender/tl-wa855re/#overview ; https://www.tp-link.com/us/support/download/tl-wa855re/#FAQs ; https://nvd.nist.gov/vuln/detail/CVE-2020-24363"}, "references": [{"id": "CVE-2020-24363", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-24363"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "TL-WA855RE", "due_date": "2025-09-23", "date_added": "2025-09-02", "vendorProject": "TP-Link", "vulnerabilityName": "TP-link TL-WA855RE Missing Authentication for Critical Function Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "cc858f0b-6ee1-4a3e-906b-f5d0952130aa", "vulnerability": {"vulnId": "CVE-2025-57819", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-29T00:00:00+00:00"}, "gcve": {"object_uuid": "cc858f0b-6ee1-4a3e-906b-f5d0952130aa", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-08-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Sangoma FreePBX Authentication Bypass Vulnerability | Affected: Sangoma / FreePBX | Description: Sangoma FreePBX contains an authentication bypass vulnerability due to insufficiently sanitized user-supplied data, which allows unauthenticated access to FreePBX Administrator, leading to arbitrary database manipulation and remote code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-09-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/FreePBX/security-reporting/security/advisories/GHSA-m42g-xg4c-5f3h ; https://nvd.nist.gov/vuln/detail/CVE-2025-57819"}, "references": [{"id": "CVE-2025-57819", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-57819"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89", "CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FreePBX", "due_date": "2025-09-19", "date_added": "2025-08-29", "vendorProject": "Sangoma", "vulnerabilityName": "Sangoma FreePBX Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2055285e-0409-435a-a8fb-97c31403fdf3", "vulnerability": {"vulnId": "CVE-2025-7775", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-26T00:00:00+00:00"}, "gcve": {"object_uuid": "2055285e-0409-435a-a8fb-97c31403fdf3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-26T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-08-26T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix NetScaler Memory Overflow Vulnerability | Affected: Citrix / NetScaler | Description: Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that could allow for remote code execution and/or denial of service. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-08-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694938 ; https://nvd.nist.gov/vuln/detail/CVE-2025-7775"}, "references": [{"id": "CVE-2025-7775", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-7775"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetScaler", "due_date": "2025-08-28", "date_added": "2025-08-26", "vendorProject": "Citrix", "vulnerabilityName": "Citrix NetScaler Memory Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "13602b50-7adf-4f57-a59a-f00a36fd57f4", "vulnerability": {"vulnId": "CVE-2024-8068", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "13602b50-7adf-4f57-a59a-f00a36fd57f4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-08-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix Session Recording Improper Privilege Management Vulnerability | Affected: Citrix / Session Recording | Description: Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-09-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.citrix.com/external/article/691941/citrix-session-recording-security-bullet.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-8068"}, "references": [{"id": "CVE-2024-8068", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-8068"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Session Recording", "due_date": "2025-09-15", "date_added": "2025-08-25", "vendorProject": "Citrix", "vulnerabilityName": "Citrix Session Recording Improper Privilege Management Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a135943d-7c47-40d8-95e1-7b3e19a86875", "vulnerability": {"vulnId": "CVE-2025-48384", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "a135943d-7c47-40d8-95e1-7b3e19a86875", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-08-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Git Link Following Vulnerability | Affected: Git / Git | Description: Git contains a link following vulnerability that stems from Git\u2019s inconsistent handling of carriage return characters in configuration files. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-09-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9 ; https://access.redhat.com/errata/RHSA-2025:13933 ; https://alas.aws.amazon.com/AL2/ALAS2-2025-2941.html ; https://linux.oracle.com/errata/ELSA-2025-11534.html ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-48384 ; https://nvd.nist.gov/vuln/detail/CVE-2025-48384"}, "references": [{"id": "CVE-2025-48384", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-48384"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-59", "CWE-436"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Git", "due_date": "2025-09-15", "date_added": "2025-08-25", "vendorProject": "Git", "vulnerabilityName": "Git Link Following Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ba62f760-84a8-4741-9958-2fdd85ef1152", "vulnerability": {"vulnId": "CVE-2024-8069", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "ba62f760-84a8-4741-9958-2fdd85ef1152", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-08-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix Session Recording Deserialization of Untrusted Data Vulnerability | Affected: Citrix / Session Recording | Description: Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with the privileges of a NetworkService Account. The attacker must be an authenticated user on the same intranet as the session recording server. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-09-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.citrix.com/external/article/691941/citrix-session-recording-security-bullet.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-8069"}, "references": [{"id": "CVE-2024-8069", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-8069"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Session Recording", "due_date": "2025-09-15", "date_added": "2025-08-25", "vendorProject": "Citrix", "vulnerabilityName": "Citrix Session Recording Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7e9d5478-7ebc-464e-b1e0-806f98ae75cb", "vulnerability": {"vulnId": "CVE-2025-43300", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-21T00:00:00+00:00"}, "gcve": {"object_uuid": "7e9d5478-7ebc-464e-b1e0-806f98ae75cb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-08-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability | Affected: Apple / iOS, iPadOS, and macOS | Description: Apple iOS, iPadOS, and macOS contain an out-of-bounds write vulnerability in the Image I/O framework. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-09-11 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/124925 ; https://support.apple.com/en-us/124926 ; https://support.apple.com/en-us/124927 ; https://support.apple.com/en-us/124928 ; https://support.apple.com/en-us/124929 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43300"}, "references": [{"id": "CVE-2025-43300", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-43300"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS, iPadOS, and macOS", "due_date": "2025-09-11", "date_added": "2025-08-21", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3f101afb-6fcb-4629-82ff-6f97c16a077c", "vulnerability": {"vulnId": "CVE-2025-54948", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-18T00:00:00+00:00"}, "gcve": {"object_uuid": "3f101afb-6fcb-4629-82ff-6f97c16a077c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-08-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro Apex One OS Command Injection Vulnerability | Affected: Trend Micro / Apex One | Description: Trend Micro Apex One Management Console (on-premise) contains an OS command injection vulnerability that could allow a pre-authenticated remote attacker to upload malicious code and execute commands on affected installations. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-09-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://success.trendmicro.com/en-US/solution/KA-0020652 ; N/A ; https://nvd.nist.gov/vuln/detail/CVE-2025-54948"}, "references": [{"id": "CVE-2025-54948", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-54948"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Apex One", "due_date": "2025-09-08", "date_added": "2025-08-18", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro Apex One OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7ad448f7-e758-4155-b21e-7f266f51dad2", "vulnerability": {"vulnId": "CVE-2025-8876", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-13T00:00:00+00:00"}, "gcve": {"object_uuid": "7ad448f7-e758-4155-b21e-7f266f51dad2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-08-13T00:00:00Z"}, "scope": {"notes": "KEV entry: N-able N-Central Command Injection Vulnerability | Affected: N-able / N-Central | Description: N-able N-Central contains a command injection vulnerability via improper sanitization of user input. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-08-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-8876"}, "references": [{"id": "CVE-2025-8876", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-8876"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "N-Central", "due_date": "2025-08-20", "date_added": "2025-08-13", "vendorProject": "N-able", "vulnerabilityName": "N-able N-Central Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a212f315-e1fa-4a04-8ba9-3539751ec887", "vulnerability": {"vulnId": "CVE-2025-8875", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-13T00:00:00+00:00"}, "gcve": {"object_uuid": "a212f315-e1fa-4a04-8ba9-3539751ec887", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-08-13T00:00:00Z"}, "scope": {"notes": "KEV entry: N-able N-Central Insecure Deserialization Vulnerability | Affected: N-able / N-Central | Description: N-able N-Central contains an insecure deserialization vulnerability that could lead to command execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-08-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://status.n-able.com/2025/08/13/announcing-the-ga-of-n-central-2025-3-1/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-8875"}, "references": [{"id": "CVE-2025-8875", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-8875"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "N-Central", "due_date": "2025-08-20", "date_added": "2025-08-13", "vendorProject": "N-able", "vulnerabilityName": "N-able N-Central Insecure Deserialization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "afd738da-a62c-4f84-9636-3b87950f7160", "vulnerability": {"vulnId": "CVE-2025-8088", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-12T00:00:00+00:00"}, "gcve": {"object_uuid": "afd738da-a62c-4f84-9636-3b87950f7160", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-08-12T00:00:00Z"}, "scope": {"notes": "KEV entry: RARLAB WinRAR Path Traversal Vulnerability | Affected: RARLAB / WinRAR | Description: RARLAB WinRAR contains a path traversal vulnerability affecting the Windows version of WinRAR. This vulnerability could allow an attacker to execute arbitrary code by crafting malicious archive files. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-09-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=283&cHash=a64b4a8f662d3639dec8d65f47bc93c5 ; https://nvd.nist.gov/vuln/detail/CVE-2025-8088"}, "references": [{"id": "CVE-2025-8088", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-8088"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-35"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WinRAR", "due_date": "2025-09-02", "date_added": "2025-08-12", "vendorProject": "RARLAB", "vulnerabilityName": "RARLAB WinRAR Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fe344a38-c86e-4d0a-bde8-f9de1e7c34f2", "vulnerability": {"vulnId": "CVE-2007-0671", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-12T00:00:00+00:00"}, "gcve": {"object_uuid": "fe344a38-c86e-4d0a-bde8-f9de1e7c34f2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-08-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Excel Remote Code Execution Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office Excel contains a remote code execution vulnerability that can be exploited when a specially crafted Excel file is opened. This malicious file could be delivered as an email attachment or hosted on a malicious website. An attacker could leverage this vulnerability by creating a specially crafted Excel file, which, when opened, allows the attacker to execute remote code on the affected system. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-09-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://learn.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-015 ; https://nvd.nist.gov/vuln/detail/CVE-2007-0671"}, "references": [{"id": "CVE-2007-0671", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2007-0671"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2025-09-02", "date_added": "2025-08-12", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Excel Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "23f270b6-9a35-41a5-8835-6775ac7c4912", "vulnerability": {"vulnId": "CVE-2013-3893", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-12T00:00:00+00:00"}, "gcve": {"object_uuid": "23f270b6-9a35-41a5-8835-6775ac7c4912", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-08-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Resource Management Errors Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains a memory corruption vulnerability that allows for remote code execution. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-09-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-080 ; https://nvd.nist.gov/vuln/detail/CVE-2013-3893"}, "references": [{"id": "CVE-2013-3893", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-3893"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-399"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2025-09-02", "date_added": "2025-08-12", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Resource Management Errors Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d201cc7f-a6de-42d4-9923-f642b48b4820", "vulnerability": {"vulnId": "CVE-2020-25079", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-05T00:00:00+00:00"}, "gcve": {"object_uuid": "d201cc7f-a6de-42d4-9923-f642b48b4820", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-08-05T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability | Affected: D-Link / DCS-2530L and DCS-2670L Devices | Description: D-Link DCS-2530L and DCS-2670L devices contain a command injection vulnerability in cgi-bin/ddns_enc.cgi. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-08-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.dlink.com/productinfo.aspx?m=DCS-2530L ; https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180 ; https://nvd.nist.gov/vuln/detail/CVE-2020-25079"}, "references": [{"id": "CVE-2020-25079", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-25079"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DCS-2530L and DCS-2670L Devices", "due_date": "2025-08-26", "date_added": "2025-08-05", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DCS-2530L and DCS-2670L Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "33d46549-9ac8-49cd-b791-884ab3ac9e20", "vulnerability": {"vulnId": "CVE-2022-40799", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-05T00:00:00+00:00"}, "gcve": {"object_uuid": "33d46549-9ac8-49cd-b791-884ab3ac9e20", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-08-05T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DNR-322L Download of Code Without Integrity Check Vulnerability | Affected: D-Link / DNR-322L | Description: D-Link DNR-322L contains a download of code without integrity check vulnerability that could allow an authenticated attacker to execute OS level commands on the device. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-08-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.dlink.com/uk/en/products/dnr-322l-cloud-network-video-recorder ; https://nvd.nist.gov/vuln/detail/CVE-2022-40799"}, "references": [{"id": "CVE-2022-40799", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-40799"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-494"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DNR-322L", "due_date": "2025-08-26", "date_added": "2025-08-05", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DNR-322L Download of Code Without Integrity Check Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b863e11c-6206-4ebe-9d45-9389c1940e3a", "vulnerability": {"vulnId": "CVE-2020-25078", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-08-05T00:00:00+00:00"}, "gcve": {"object_uuid": "b863e11c-6206-4ebe-9d45-9389c1940e3a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-08-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-08-05T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability | Affected: D-Link / DCS-2530L and DCS-2670L Devices | Description: D-Link DCS-2530L and DCS-2670L devices contain an unspecified vulnerability that could allow for remote administrator password disclosure. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-08-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.dlink.com/productinfo.aspx?m=DCS-2530L ; https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10180 ; https://nvd.nist.gov/vuln/detail/CVE-2020-25078"}, "references": [{"id": "CVE-2020-25078", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-25078"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DCS-2530L and DCS-2670L Devices", "due_date": "2025-08-26", "date_added": "2025-08-05", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DCS-2530L and DCS-2670L Devices Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f5f940c0-4d33-4213-9e0e-bf4dd016e9e1", "vulnerability": {"vulnId": "CVE-2025-20281", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-28T00:00:00+00:00"}, "gcve": {"object_uuid": "f5f940c0-4d33-4213-9e0e-bf4dd016e9e1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Identity Services Engine Injection Vulnerability | Affected: Cisco / Identity Services Engine | Description: Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input, allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtain root privileges on an affected device. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-08-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 ; https://nvd.nist.gov/vuln/detail/CVE-2025-20281"}, "references": [{"id": "CVE-2025-20281", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-20281"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-74"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Identity Services Engine", "due_date": "2025-08-18", "date_added": "2025-07-28", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Identity Services Engine Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7e6230fd-0326-4cc9-bf51-5dfbc19cd86a", "vulnerability": {"vulnId": "CVE-2023-2533", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-28T00:00:00+00:00"}, "gcve": {"object_uuid": "7e6230fd-0326-4cc9-bf51-5dfbc19cd86a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-28T00:00:00Z"}, "scope": {"notes": "KEV entry: PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability | Affected: PaperCut / NG/MF | Description: PaperCut NG/MF contains a cross-site request forgery (CSRF) vulnerability, which, under specific conditions, could potentially enable an attacker to alter security settings or execute arbitrary code.  | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-08-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.papercut.com/kb/Main/SecurityBulletinJune2023 ; https://nvd.nist.gov/vuln/detail/CVE-2023-2533"}, "references": [{"id": "CVE-2023-2533", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-2533"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-352"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NG/MF", "due_date": "2025-08-18", "date_added": "2025-07-28", "vendorProject": "PaperCut", "vulnerabilityName": "PaperCut NG/MF Cross-Site Request Forgery (CSRF) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "862cfce1-11f6-4946-916c-badb313f92f3", "vulnerability": {"vulnId": "CVE-2025-20337", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-28T00:00:00+00:00"}, "gcve": {"object_uuid": "862cfce1-11f6-4946-916c-badb313f92f3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Identity Services Engine Injection Vulnerability | Affected: Cisco / Identity Services Engine | Description: Cisco Identity Services Engine contains an injection vulnerability in a specific API of Cisco ISE and Cisco ISE-PIC due to insufficient validation of user-supplied input allowing an attacker to exploit this vulnerability by submitting a crafted API request. Successful exploitation could allow an attacker to perform remote code execution and obtain root privileges on an affected device. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. 
| Due date: 2025-08-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-unauth-rce-ZAd2GnJ6 ; https://nvd.nist.gov/vuln/detail/CVE-2025-20337"}, "references": [{"id": "CVE-2025-20337", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-20337"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-74"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Identity Services Engine", "due_date": "2025-08-18", "date_added": "2025-07-28", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Identity Services Engine Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "425b3baa-32ce-43cb-8103-f50221a64771", "vulnerability": {"vulnId": "CVE-2025-2775", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-22T00:00:00+00:00"}, "gcve": {"object_uuid": "425b3baa-32ce-43cb-8103-f50221a64771", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-22T00:00:00Z"}, "scope": {"notes": "KEV entry: SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability | Affected: SysAid / SysAid On-Prem | Description: SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Checkin processing functionality, allowing for administrator account takeover and file read primitives. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-08-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://documentation.sysaid.com/docs/24-40-60 ; https://nvd.nist.gov/vuln/detail/CVE-2025-2775"}, "references": [{"id": "CVE-2025-2775", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-2775"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-611"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SysAid On-Prem", "due_date": "2025-08-12", "date_added": "2025-07-22", "vendorProject": "SysAid", "vulnerabilityName": "SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "61fea7b3-3a63-4920-b93e-5c1ec4799886", "vulnerability": {"vulnId": "CVE-2025-49706", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-22T00:00:00+00:00"}, "gcve": {"object_uuid": "61fea7b3-3a63-4920-b93e-5c1ec4799886", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft SharePoint Improper Authentication Vulnerability | Affected: Microsoft / SharePoint | Description: Microsoft SharePoint contains an improper authentication vulnerability that allows an authorized attacker to perform spoofing over a network. Successful exploitation could allow an attacker to view sensitive information and make some changes to disclosed information. This vulnerability could be chained with CVE-2025-49704. CVE-2025-53771 is a patch bypass for CVE-2025-49706, and the updates for CVE-2025-53771 include more robust protection than those for CVE-2025-49706. | Required action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. 
| Due date: 2025-07-23 | Known ransomware campaign use (KEV): Known | Notes (KEV): CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770 ; https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/ ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49706 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49706"}, "references": [{"id": "CVE-2025-49706", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-49706"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SharePoint", "due_date": "2025-07-23", "date_added": "2025-07-22", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft SharePoint Improper Authentication Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "130e52bd-67f1-4120-92cc-80b2722b7995", "vulnerability": {"vulnId": "CVE-2025-6558", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-22T00:00:00+00:00"}, "gcve": {"object_uuid": "130e52bd-67f1-4120-92cc-80b2722b7995", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium ANGLE and GPU Improper Input Validation Vulnerability | Affected: Google / Chromium | Description: Google Chromium contains an improper input validation vulnerability in ANGLE and GPU. This vulnerability could allow a remote attacker to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-08-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2025/07/stable-channel-update-for-desktop_15.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-6558"}, "references": [{"id": "CVE-2025-6558", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-6558"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium", "due_date": "2025-08-12", "date_added": "2025-07-22", "vendorProject": "Google", "vulnerabilityName": "Google Chromium ANGLE and GPU Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2736c737-51bf-40cc-b7a0-379050a01d38", "vulnerability": {"vulnId": "CVE-2025-54309", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-22T00:00:00+00:00"}, "gcve": {"object_uuid": "2736c737-51bf-40cc-b7a0-379050a01d38", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-22T00:00:00Z"}, "scope": {"notes": "KEV entry:  CrushFTP Unprotected Alternate Channel Vulnerability | Affected: CrushFTP / CrushFTP | Description: CrushFTP contains an unprotected alternate channel vulnerability. When the DMZ proxy feature is not used, CrushFTP mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-08-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.crushftp.com/crush11wiki/Wiki.jsp?page=CompromiseJuly2025 ; https://nvd.nist.gov/vuln/detail/CVE-2025-54309 "}, "references": [{"id": "CVE-2025-54309", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-54309"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-420"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "CrushFTP", "due_date": "2025-08-12", "date_added": "2025-07-22", "vendorProject": "CrushFTP", "vulnerabilityName": " CrushFTP Unprotected Alternate Channel Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d041bbcd-43ab-4c19-a576-e2b7c165aeac", "vulnerability": {"vulnId": "CVE-2025-2776", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-22T00:00:00+00:00"}, "gcve": {"object_uuid": "d041bbcd-43ab-4c19-a576-e2b7c165aeac", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-22T00:00:00Z"}, "scope": {"notes": "KEV entry: SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability | Affected: SysAid / SysAid On-Prem | Description: SysAid On-Prem contains an improper restriction of XML external entity reference vulnerability in the Server URL processing functionality, allowing for administrator account takeover and file read primitives. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-08-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://documentation.sysaid.com/docs/24-40-60 ; https://nvd.nist.gov/vuln/detail/CVE-2025-2776"}, "references": [{"id": "CVE-2025-2776", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-2776"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-611"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SysAid On-Prem", "due_date": "2025-08-12", "date_added": "2025-07-22", "vendorProject": "SysAid", "vulnerabilityName": "SysAid On-Prem Improper Restriction of XML External Entity Reference Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "81e6c3cd-7d00-47bc-8db3-e9ad83201fda", "vulnerability": {"vulnId": "CVE-2025-49704", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-22T00:00:00+00:00"}, "gcve": {"object_uuid": "81e6c3cd-7d00-47bc-8db3-e9ad83201fda", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft SharePoint Code Injection Vulnerability | Affected: Microsoft / SharePoint | Description: Microsoft SharePoint contains a code injection vulnerability that could allow an authorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-49706. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704. | Required action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. 
| Due date: 2025-07-23 | Known ransomware campaign use (KEV): Known | Notes (KEV): CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770; https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/ ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704 ; https://nvd.nist.gov/vuln/detail/CVE-2025-49704"}, "references": [{"id": "CVE-2025-49704", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-49704"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SharePoint", "due_date": "2025-07-23", "date_added": "2025-07-22", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft SharePoint Code Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "19295aeb-29a8-4dd9-b160-efcccd72d5a2", "vulnerability": {"vulnId": "CVE-2025-53770", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-20T00:00:00+00:00"}, "gcve": {"object_uuid": "19295aeb-29a8-4dd9-b160-efcccd72d5a2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-20T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-20T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft SharePoint Deserialization of Untrusted Data Vulnerability | Affected: Microsoft / SharePoint | Description: Microsoft SharePoint Server on-premises contains a deserialization of untrusted data vulnerability that could allow an unauthorized attacker to execute code over a network. This vulnerability could be chained with CVE-2025-53771. CVE-2025-53770 is a patch bypass for CVE-2025-49704, and the updates for CVE-2025-53770 include more robust protection than those for CVE-2025-49704. | Required action: Disconnect public-facing versions of SharePoint Server that have reached their end-of-life (EOL) or end-of-service (EOS) to include SharePoint Server 2013 and earlier versions. For supported versions, please follow the mitigations according to CISA (URL listed below in Notes) and vendor instructions (URL listed below in Notes). Adhere to the applicable BOD 22-01 guidance for cloud services or discontinue use of the product if mitigations are not available. 
| Due date: 2025-07-21 | Known ransomware campaign use (KEV): Known | Notes (KEV): CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/07/20/microsoft-releases-guidance-exploitation-sharepoint-vulnerability-cve-2025-53770; https://www.microsoft.com/en-us/security/blog/2025/07/22/disrupting-active-exploitation-of-on-premises-sharepoint-vulnerabilities/ ; https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-53770 ; https://nvd.nist.gov/vuln/detail/CVE-2025-53770"}, "references": [{"id": "CVE-2025-53770", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-53770"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SharePoint", "due_date": "2025-07-21", "date_added": "2025-07-20", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft SharePoint Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "393a57fc-8151-4ee4-869f-1719b1281589", "vulnerability": {"vulnId": "CVE-2025-25257", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-18T00:00:00+00:00"}, "gcve": {"object_uuid": "393a57fc-8151-4ee4-869f-1719b1281589", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiWeb SQL Injection Vulnerability | Affected: Fortinet / FortiWeb | Description: Fortinet FortiWeb contains a SQL injection vulnerability that may allow an unauthenticated attacker to execute unauthorized SQL code or commands via crafted HTTP or HTTPS requests. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-08-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://fortiguard.fortinet.com/psirt/FG-IR-25-151 ; https://nvd.nist.gov/vuln/detail/CVE-2025-25257"}, "references": [{"id": "CVE-2025-25257", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-25257"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiWeb", "due_date": "2025-08-08", "date_added": "2025-07-18", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiWeb SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "72257e65-87cf-4139-86fe-fa4a5343065e", "vulnerability": {"vulnId": "CVE-2025-47812", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-14T00:00:00+00:00"}, "gcve": {"object_uuid": "72257e65-87cf-4139-86fe-fa4a5343065e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability | Affected: Wing FTP Server / Wing FTP Server | Description: Wing FTP Server contains an improper neutralization of null byte or NUL character vulnerability that can allow injection of arbitrary Lua code into user session files. This can be used to execute arbitrary system commands with the privileges of the FTP service (root or SYSTEM by default). | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-08-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.wftpserver.com/serverhistory.htm ; https://nvd.nist.gov/vuln/detail/CVE-2025-47812"}, "references": [{"id": "CVE-2025-47812", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-47812"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-158"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Wing FTP Server", "due_date": "2025-08-04", "date_added": "2025-07-14", "vendorProject": "Wing FTP Server", "vulnerabilityName": "Wing FTP Server Improper Neutralization of Null Byte or NUL Character Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9f935a4b-aaa2-490b-9e54-b9a81c09f121", "vulnerability": {"vulnId": "CVE-2025-5777", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-10T00:00:00+00:00"}, "gcve": {"object_uuid": "9f935a4b-aaa2-490b-9e54-b9a81c09f121", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability | Affected: Citrix / NetScaler ADC and Gateway | Description: Citrix NetScaler ADC and Gateway contain an out-of-bounds read vulnerability due to insufficient input validation. This vulnerability can lead to memory overread when the NetScaler is configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-07-11 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX693420 ; https://nvd.nist.gov/vuln/detail/CVE-2025-5777"}, "references": [{"id": "CVE-2025-5777", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-5777"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-125"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetScaler ADC and Gateway", "due_date": "2025-07-11", "date_added": "2025-07-10", "vendorProject": "Citrix", "vulnerabilityName": "Citrix NetScaler ADC and Gateway Out-of-Bounds Read Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "5aaa8626-ca9a-4556-be7a-b8a0e7e8fec9", "vulnerability": {"vulnId": "CVE-2014-3931", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "5aaa8626-ca9a-4556-be7a-b8a0e7e8fec9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability | Affected: Looking Glass / Multi-Router Looking Glass (MRLG) | Description: Multi-Router Looking Glass (MRLG) contains a buffer overflow vulnerability that could allow remote attackers to cause an arbitrary memory write and memory corruption. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-07-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://mrlg.op-sec.us/ ; https://nvd.nist.gov/vuln/detail/CVE-2014-3931"}, "references": [{"id": "CVE-2014-3931", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-3931"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multi-Router Looking Glass (MRLG)", "due_date": "2025-07-28", "date_added": "2025-07-07", "vendorProject": "Looking Glass", "vulnerabilityName": "Multi-Router Looking Glass (MRLG) Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e3518128-3fbc-4333-ba02-a26c1521c33f", "vulnerability": {"vulnId": "CVE-2016-10033", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "e3518128-3fbc-4333-ba02-a26c1521c33f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-07T00:00:00Z"}, "scope": {"notes": "KEV entry: PHPMailer Command Injection Vulnerability | Affected: PHP / PHPMailer | Description: PHPMailer contains a command injection vulnerability because it fails to sanitize user-supplied input. Specifically, this issue affects the 'mail()' function of 'class.phpmailer.php' script. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-07-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. 
For more information, please see: https://github.com/PHPMailer/PHPMailer/releases/tag/v5.2.18 ; https://github.com/advisories/GHSA-5f37-gxvh-23v6 ; https://nvd.nist.gov/vuln/detail/CVE-2016-10033"}, "references": [{"id": "CVE-2016-10033", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-10033"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77", "CWE-88"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PHPMailer", "due_date": "2025-07-28", "date_added": "2025-07-07", "vendorProject": "PHP", "vulnerabilityName": "PHPMailer Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0e924bbe-4067-4e3f-b0cc-af9baca285bb", "vulnerability": {"vulnId": "CVE-2019-9621", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "0e924bbe-4067-4e3f-b0cc-af9baca285bb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability | Affected: Synacor / Zimbra Collaboration Suite (ZCS) | Description: Synacor Zimbra Collaboration Suite (ZCS) contains a server-side request forgery (SSRF) vulnerability via the ProxyServlet component. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-07-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://wiki.zimbra.com/wiki/Security_Center ; https://nvd.nist.gov/vuln/detail/CVE-2019-9621"}, "references": [{"id": "CVE-2019-9621", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-9621"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918", "CWE-807"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Zimbra Collaboration Suite (ZCS)", "due_date": "2025-07-28", "date_added": "2025-07-07", "vendorProject": "Synacor", "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Server-Side Request Forgery (SSRF) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5938e268-3154-438e-8838-ec14bac2155f", "vulnerability": {"vulnId": "CVE-2019-5418", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "5938e268-3154-438e-8838-ec14bac2155f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Rails Ruby on Rails Path Traversal Vulnerability | Affected: Rails / Ruby on Rails | Description: Rails Ruby on Rails contains a path traversal vulnerability in Action View. Specially crafted accept headers in combination with calls to `render file:` can cause arbitrary files on the target server to be rendered, disclosing the file contents. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-07-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://web.archive.org/web/20190313201629/https://weblog.rubyonrails.org/2019/3/13/Rails-4-2-5-1-5-1-6-2-have-been-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2019-5418"}, "references": [{"id": "CVE-2019-5418", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-5418"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Ruby on Rails", "due_date": "2025-07-28", "date_added": "2025-07-07", "vendorProject": "Rails", "vulnerabilityName": "Rails Ruby on Rails Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "35447716-cd34-43a5-ba43-a33816a67a14", "vulnerability": {"vulnId": "CVE-2025-6554", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-02T00:00:00+00:00"}, "gcve": {"object_uuid": "35447716-cd34-43a5-ba43-a33816a67a14", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 contains a type confusion vulnerability that could allow a remote attacker to perform arbitrary read/write via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-07-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_30.html?m=1 ; https://nvd.nist.gov/vuln/detail/CVE-2025-6554"}, "references": [{"id": "CVE-2025-6554", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-6554"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2025-07-23", "date_added": "2025-07-02", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a679a049-8bbb-4160-8ed5-4b8b62fe8ff6", "vulnerability": {"vulnId": "CVE-2025-48927", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-01T00:00:00+00:00"}, "gcve": {"object_uuid": "a679a049-8bbb-4160-8ed5-4b8b62fe8ff6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-01T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-01T00:00:00Z"}, "scope": {"notes": "KEV entry: TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability | Affected: TeleMessage / TM SGNL | Description: TeleMessage TM SGNL contains an initialization of a resource with an insecure default vulnerability. This vulnerability relies on how the Spring Boot Actuator is configured with an exposed heap dump endpoint at a /heapdump URI. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-07-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): It is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue use of the product. ; https://nvd.nist.gov/vuln/detail/CVE-2025-48927"}, "references": [{"id": "CVE-2025-48927", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-48927"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-1188"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "TM SGNL", "due_date": "2025-07-22", "date_added": "2025-07-01", "vendorProject": "TeleMessage", "vulnerabilityName": "TeleMessage TM SGNL Initialization of a Resource with an Insecure Default Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3ab33386-816c-498a-ad52-cc0ad9221c8c", "vulnerability": {"vulnId": "CVE-2025-48928", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-07-01T00:00:00+00:00"}, "gcve": {"object_uuid": "3ab33386-816c-498a-ad52-cc0ad9221c8c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-07-01T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-07-01T00:00:00Z"}, "scope": {"notes": "KEV entry: TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability | Affected: TeleMessage / TM SGNL | Description: TeleMessage TM SGNL contains an exposure of core dump file to an unauthorized control sphere Vulnerability. This vulnerability is based on a JSP application in which the heap content is roughly equivalent to a \"core dump\" in which a password previously sent over HTTP would be included in this dump. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-07-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): It is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue use of the product. ; https://nvd.nist.gov/vuln/detail/CVE-2025-48928"}, "references": [{"id": "CVE-2025-48928", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-48928"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-528"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "TM SGNL", "due_date": "2025-07-22", "date_added": "2025-07-01", "vendorProject": "TeleMessage", "vulnerabilityName": "TeleMessage TM SGNL Exposure of Core Dump File to an Unauthorized Control Sphere Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "55baa5cc-0875-463e-ab0f-9b3d985ffade", "vulnerability": {"vulnId": "CVE-2025-6543", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-30T00:00:00+00:00"}, "gcve": {"object_uuid": "55baa5cc-0875-463e-ab0f-9b3d985ffade", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability | Affected: Citrix / NetScaler ADC and Gateway | Description: Citrix NetScaler ADC and Gateway contain a buffer overflow vulnerability leading to unintended control flow and Denial of Service. NetScaler must be configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) OR AAA virtual server. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-07-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX694788 ; https://www.netscaler.com/blog/news/netscaler-critical-security-updates-for-cve-2025-6543-and-cve-2025-5777/ ;   https://nvd.nist.gov/vuln/detail/CVE-2025-6543"}, "references": [{"id": "CVE-2025-6543", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-6543"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetScaler ADC and Gateway", "due_date": "2025-07-21", "date_added": "2025-06-30", "vendorProject": "Citrix", "vulnerabilityName": "Citrix NetScaler ADC and Gateway Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ee7541c6-548f-4146-b59c-c0a3f92c3cd8", "vulnerability": {"vulnId": "CVE-2024-54085", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-25T00:00:00+00:00"}, "gcve": {"object_uuid": "ee7541c6-548f-4146-b59c-c0a3f92c3cd8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-25T00:00:00Z"}, "scope": {"notes": "KEV entry: AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability | Affected: AMI / MegaRAC SPx | Description: AMI MegaRAC SPx contains an authentication bypass by spoofing vulnerability in the Redfish Host Interface. A successful exploitation of this vulnerability may lead to a loss of confidentiality, integrity, and/or availability. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-07-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. For more information, please see: https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf ; https://security.netapp.com/advisory/ntap-20250328-0003/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-54085"}, "references": [{"id": "CVE-2024-54085", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-54085"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-290"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "MegaRAC SPx", "due_date": "2025-07-16", "date_added": "2025-06-25", "vendorProject": "AMI", "vulnerabilityName": "AMI MegaRAC SPx Authentication Bypass by Spoofing Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "723f03e2-76cf-4b15-ae1e-5360603acedb", "vulnerability": {"vulnId": "CVE-2019-6693", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-25T00:00:00+00:00"}, "gcve": {"object_uuid": "723f03e2-76cf-4b15-ae1e-5360603acedb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability | Affected: Fortinet / FortiOS | Description: Fortinet FortiOS contains a use of hard-coded credentials vulnerability that could allow an attacker to cipher sensitive data in FortiOS configuration backup file via knowledge of the hard-coded key.  | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-07-16 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://fortiguard.com/advisory/FG-IR-19-007 ; https://nvd.nist.gov/vuln/detail/CVE-2019-6693"}, "references": [{"id": "CVE-2019-6693", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-6693"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-798"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiOS", "due_date": "2025-07-16", "date_added": "2025-06-25", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiOS Use of Hard-Coded Credentials Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "c56c5ad8-2534-4703-8ec2-2b4f96df5c82", "vulnerability": {"vulnId": "CVE-2024-0769", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-25T00:00:00+00:00"}, "gcve": {"object_uuid": "c56c5ad8-2534-4703-8ec2-2b4f96df5c82", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-25T00:00:00Z"}, "scope": {"notes": "KEV entry:  D-Link DIR-859 Router Path Traversal Vulnerability | Affected: D-Link / DIR-859 Router | Description: D-Link DIR-859 routers contain a path traversal vulnerability in the file /hedwig.cgi of the component HTTP POST Request Handler. Manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml allows for the leakage of session data potentially enabling privilege escalation and unauthorized control of the device. This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-07-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371 ; https://nvd.nist.gov/vuln/detail/CVE-2024-0769"}, "references": [{"id": "CVE-2024-0769", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-0769"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DIR-859 Router", "due_date": "2025-07-16", "date_added": "2025-06-25", "vendorProject": "D-Link", "vulnerabilityName": " D-Link DIR-859 Router Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "729ce6ab-308d-431d-89af-a5c2ff780c3e", "vulnerability": {"vulnId": "CVE-2023-0386", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-17T00:00:00+00:00"}, "gcve": {"object_uuid": "729ce6ab-308d-431d-89af-a5c2ff780c3e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Improper Ownership Management Vulnerability | Affected: Linux / Kernel | Description: Linux Kernel contains an improper ownership management vulnerability, where unauthorized access to the execution of the setuid file with capabilities was found in the Linux kernel\u2019s OverlayFS subsystem in how a user copies a capable file from a nosuid mount into another mount. This uid mapping bug allows a local user to escalate their privileges on the system. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-07-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=4f11ada10d0a ; https://access.redhat.com/security/cve/cve-2023-0386 ; https://security.netapp.com/advisory/ntap-20230420-0004/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-0386"}, "references": [{"id": "CVE-2023-0386", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-0386"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-282"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2025-07-08", "date_added": "2025-06-17", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Improper Ownership Management Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "cb873ff9-49a4-4131-a8c5-fcd82652d0dd", "vulnerability": {"vulnId": "CVE-2023-33538", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-16T00:00:00+00:00"}, "gcve": {"object_uuid": "cb873ff9-49a4-4131-a8c5-fcd82652d0dd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-16T00:00:00Z"}, "scope": {"notes": "KEV entry: TP-Link Multiple Routers Command Injection Vulnerability | Affected: TP-Link / Multiple Routers | Description: TP-Link TL-WR940N V2/V4, TL-WR841N V8/V10, and TL-WR740N V1/V2 contain a command injection vulnerability via the component /userRpm/WlanNetworkRpm. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-07-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.tp-link.com/nordic/support/faq/3562/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-33538"}, "references": [{"id": "CVE-2023-33538", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-33538"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Routers", "due_date": "2025-07-07", "date_added": "2025-06-16", "vendorProject": "TP-Link", "vulnerabilityName": "TP-Link Multiple Routers Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3c2706db-f826-4c9b-92f9-b058bb01c2fd", "vulnerability": {"vulnId": "CVE-2025-43200", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-16T00:00:00+00:00"}, "gcve": {"object_uuid": "3c2706db-f826-4c9b-92f9-b058bb01c2fd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-16T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Unspecified Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, watchOS, and visionOS, contain an unspecified vulnerability when processing a maliciously crafted photo or video shared via an iCloud Link. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-07-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/122174 ; https://support.apple.com/en-us/122173 ; https://support.apple.com/en-us/122900 ; https://support.apple.com/en-us/122901 ; https://support.apple.com/en-us/122902 ; https://support.apple.com/en-us/122903 ; https://support.apple.com/en-us/122904 ; https://nvd.nist.gov/vuln/detail/CVE-2025-43200"}, "references": [{"id": "CVE-2025-43200", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-43200"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2025-07-07", "date_added": "2025-06-16", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "abce4820-df1c-4fc3-8db0-a89376c77d7a", "vulnerability": {"vulnId": "CVE-2025-33053", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-10T00:00:00+00:00"}, "gcve": {"object_uuid": "abce4820-df1c-4fc3-8db0-a89376c77d7a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-10T00:00:00Z"}, "scope": {"notes": "KEV entry:  Microsoft Windows External Control of File Name or Path Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows contains an external control of file name or path vulnerability that could allow an attacker to execute code from a remote WebDAV location specified by the WorkingDirectory attribute of Internet Shortcut files. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-07-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-33053 ; https://nvd.nist.gov/vuln/detail/CVE-2025-33053"}, "references": [{"id": "CVE-2025-33053", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-33053"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-73"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-07-01", "date_added": "2025-06-10", "vendorProject": "Microsoft", "vulnerabilityName": " Microsoft Windows External Control of File Name or Path Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "573ac1af-09ee-407c-8c57-49f646908b21", "vulnerability": {"vulnId": "CVE-2025-24016", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-10T00:00:00+00:00"}, "gcve": {"object_uuid": "573ac1af-09ee-407c-8c57-49f646908b21", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Wazuh Server Deserialization of Untrusted Data Vulnerability | Affected: Wazuh / Wazuh Server | Description: Wazuh contains a deserialization of untrusted data vulnerability that allows for remote code execution on Wazuh servers. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-07-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://wazuh.com/blog/addressing-the-cve-2025-24016-vulnerability/ ; https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh ; https://nvd.nist.gov/vuln/detail/CVE-2025-24016"}, "references": [{"id": "CVE-2025-24016", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-24016"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Wazuh Server", "due_date": "2025-07-01", "date_added": "2025-06-10", "vendorProject": "Wazuh", "vulnerabilityName": "Wazuh Server Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b1a40009-a813-4366-a4fe-e84fcccc9dc7", "vulnerability": {"vulnId": "CVE-2024-42009", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-09T00:00:00+00:00"}, "gcve": {"object_uuid": "b1a40009-a813-4366-a4fe-e84fcccc9dc7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-09T00:00:00Z"}, "scope": {"notes": "KEV entry: RoundCube Webmail Cross-Site Scripting Vulnerability | Affected: Roundcube / Webmail | Description: RoundCube Webmail contains a cross-site scripting vulnerability. This vulnerability could allow a remote attacker to steal and send emails of a victim via a crafted e-mail message that abuses a Desanitization issue in message_body() in program/actions/mail/show.php. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://roundcube.net/news/2024/08/04/security-updates-1.6.8-and-1.5.8 ; https://nvd.nist.gov/vuln/detail/CVE-2024-42009"}, "references": [{"id": "CVE-2024-42009", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-42009"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Webmail", "due_date": "2025-06-30", "date_added": "2025-06-09", "vendorProject": "Roundcube", "vulnerabilityName": "RoundCube Webmail Cross-Site Scripting Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3868ea61-9561-4d41-a734-6b44996356f2", "vulnerability": {"vulnId": "CVE-2025-32433", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-09T00:00:00+00:00"}, "gcve": {"object_uuid": "3868ea61-9561-4d41-a734-6b44996356f2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability | Affected: Erlang / Erlang/OTP | Description: Erlang Erlang/OTP SSH server contains a missing authentication for critical function vulnerability. This could allow an attacker to execute arbitrary commands without valid credentials, potentially leading to unauthenticated remote code execution (RCE). By exploiting a flaw in how SSH protocol messages are handled, a malicious actor could gain unauthorized access to affected systems. This vulnerability could affect various products that implement Erlang/OTP SSH server, including\u2014but not limited to\u2014Cisco, NetApp, and SUSE. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https://github.com/erlang/otp/security/advisories/GHSA-37cp-fgq5-7wc2 ; https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy ; https://nvd.nist.gov/vuln/detail/CVE-2025-32433"}, "references": [{"id": "CVE-2025-32433", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-32433"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Erlang/OTP", "due_date": "2025-06-30", "date_added": "2025-06-09", "vendorProject": "Erlang", "vulnerabilityName": "Erlang Erlang/OTP SSH Server Missing Authentication for Critical Function Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9286e965-6c74-4296-bd1c-f0b8c916b591", "vulnerability": {"vulnId": "CVE-2025-5419", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "9286e965-6c74-4296-bd1c-f0b8c916b591", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Out-of-Bounds Read and Write Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 contains an out-of-bounds read and write vulnerability that could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop.html;   https://nvd.nist.gov/vuln/detail/CVE-2025-5419"}, "references": [{"id": "CVE-2025-5419", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-5419"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-125", "CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2025-06-26", "date_added": "2025-06-05", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Out-of-Bounds Read and Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "04c2f3fc-6257-44be-b902-f2cbf52d5eeb", "vulnerability": {"vulnId": "CVE-2025-21479", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-03T00:00:00+00:00"}, "gcve": {"object_uuid": "04c2f3fc-6257-44be-b902-f2cbf52d5eeb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability | Affected: Qualcomm / Multiple Chipsets | Description: Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ;   https://nvd.nist.gov/vuln/detail/CVE-2025-21479"}, "references": [{"id": "CVE-2025-21479", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-21479"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-863"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Chipsets", "due_date": "2025-06-24", "date_added": "2025-06-03", "vendorProject": "Qualcomm", "vulnerabilityName": "Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "aac6da07-039d-4277-a567-49dc6bac8f4e", "vulnerability": {"vulnId": "CVE-2025-21480", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-03T00:00:00+00:00"}, "gcve": {"object_uuid": "aac6da07-039d-4277-a567-49dc6bac8f4e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability | Affected: Qualcomm / Multiple Chipsets | Description: Multiple Qualcomm chipsets contain an incorrect authorization vulnerability. This vulnerability allows for memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ;   https://nvd.nist.gov/vuln/detail/CVE-2025-21480"}, "references": [{"id": "CVE-2025-21480", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-21480"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-863"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Chipsets", "due_date": "2025-06-24", "date_added": "2025-06-03", "vendorProject": "Qualcomm", "vulnerabilityName": "Qualcomm Multiple Chipsets Incorrect Authorization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "46c61b01-bba5-40a4-8eeb-73289ca0c72b", "vulnerability": {"vulnId": "CVE-2025-27038", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-03T00:00:00+00:00"}, "gcve": {"object_uuid": "46c61b01-bba5-40a4-8eeb-73289ca0c72b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Qualcomm Multiple Chipsets Use-After-Free Vulnerability | Affected: Qualcomm / Multiple Chipsets | Description: Multiple Qualcomm chipsets contain a use-after-free vulnerability. This vulnerability allows for memory corruption while rendering graphics using Adreno GPU drivers in Chrome. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Please check with specific vendors (OEMs,) for information on patching status. For more information, please see: https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2025-bulletin.html ;   https://nvd.nist.gov/vuln/detail/CVE-2025-27038"}, "references": [{"id": "CVE-2025-27038", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-27038"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Chipsets", "due_date": "2025-06-24", "date_added": "2025-06-03", "vendorProject": "Qualcomm", "vulnerabilityName": "Qualcomm Multiple Chipsets Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9e9e1dad-6765-40a9-a72e-d33c215eeac1", "vulnerability": {"vulnId": "CVE-2025-3935", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-02T00:00:00+00:00"}, "gcve": {"object_uuid": "9e9e1dad-6765-40a9-a72e-d33c215eeac1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-02T00:00:00Z"}, "scope": {"notes": "KEV entry: ConnectWise ScreenConnect Improper Authentication Vulnerability | Affected: ConnectWise / ScreenConnect | Description: ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.connectwise.com/company/trust/security-bulletins/screenconnect-security-patch-2025.4 ;   https://nvd.nist.gov/vuln/detail/CVE-2025-3935"}, "references": [{"id": "CVE-2025-3935", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-3935"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ScreenConnect", "due_date": "2025-06-23", "date_added": "2025-06-02", "vendorProject": "ConnectWise", "vulnerabilityName": "ConnectWise ScreenConnect Improper Authentication Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f495a171-40e0-4d88-8eb6-38045d33001b", "vulnerability": {"vulnId": "CVE-2025-35939", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-02T00:00:00+00:00"}, "gcve": {"object_uuid": "f495a171-40e0-4d88-8eb6-38045d33001b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability | Affected: Craft CMS / Craft CMS | Description: Craft CMS contains an external control of assumed-immutable web parameter vulnerability. This vulnerability could allow an unauthenticated client to introduce arbitrary values, such as PHP code, to a known local file location on the server. This vulnerability could be chained with CVE-2024-58136 as represented by CVE-2025-32432. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/craftcms/cms/pull/17220 ;   https://nvd.nist.gov/vuln/detail/CVE-2025-35939"}, "references": [{"id": "CVE-2025-35939", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-35939"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-472"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Craft CMS", "due_date": "2025-06-23", "date_added": "2025-06-02", "vendorProject": "Craft CMS", "vulnerabilityName": "Craft CMS External Control of Assumed-Immutable Web Parameter Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a6c1242f-7639-4a36-ab03-dc529f7c92ad", "vulnerability": {"vulnId": "CVE-2023-39780", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-02T00:00:00+00:00"}, "gcve": {"object_uuid": "a6c1242f-7639-4a36-ab03-dc529f7c92ad", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-02T00:00:00Z"}, "scope": {"notes": "KEV entry: ASUS RT-AX55 Routers OS Command Injection Vulnerability | Affected: ASUS / RT-AX55 Routers | Description: ASUS RT-AX55 devices contain an OS command injection vulnerability that could allow a remote, authenticated attacker to execute arbitrary commands. As represented by CVE-2023-41346. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.asus.com/networking-iot-servers/wifi-6/all-series/rt-ax55/helpdesk_bios/?model2Name=RT-AX55 ;   https://www.asus.com/content/asus-product-security-advisory/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-39780"}, "references": [{"id": "CVE-2023-39780", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-39780"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "RT-AX55 Routers", "due_date": "2025-06-23", "date_added": "2025-06-02", "vendorProject": "ASUS", "vulnerabilityName": "ASUS RT-AX55 Routers OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a808b21c-06d8-4f71-895e-be9d66b73a9c", "vulnerability": {"vulnId": "CVE-2021-32030", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-02T00:00:00+00:00"}, "gcve": {"object_uuid": "a808b21c-06d8-4f71-895e-be9d66b73a9c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-02T00:00:00Z"}, "scope": {"notes": "KEV entry: ASUS Routers Improper Authentication Vulnerability | Affected: ASUS / Routers | Description: ASUS Lyra Mini and ASUS GT-AC2900 devices contain an improper authentication vulnerability that allows an attacker to gain unauthorized access to the administrative interface. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.asus.com/us/supportonly/lyra%20mini/helpdesk_bios/ ; https://www.asus.com/us/supportonly/rog%20rapture%20gt-ac2900/helpdesk_bios/; https://nvd.nist.gov/vuln/detail/CVE-2021-32030"}, "references": [{"id": "CVE-2021-32030", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-32030"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Routers", "due_date": "2025-06-23", "date_added": "2025-06-02", "vendorProject": "ASUS", "vulnerabilityName": "ASUS Routers Improper Authentication Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "35bf156b-807c-4906-a342-c933314e81b0", "vulnerability": {"vulnId": "CVE-2024-56145", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-06-02T00:00:00+00:00"}, "gcve": {"object_uuid": "35bf156b-807c-4906-a342-c933314e81b0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-06-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-06-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Craft CMS Code Injection Vulnerability | Affected: Craft CMS / Craft CMS | Description: Craft CMS contains a code injection vulnerability. Users with affected versions are vulnerable to remote code execution if their php.ini configuration has `register_argc_argv` enabled. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/craftcms/cms/security/advisories/GHSA-2p6p-9rc9-62j9 ; https://nvd.nist.gov/vuln/detail/CVE-2024-56145"}, "references": [{"id": "CVE-2024-56145", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-56145"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Craft CMS", "due_date": "2025-06-23", "date_added": "2025-06-02", "vendorProject": "Craft CMS", "vulnerabilityName": "Craft CMS Code Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "19c7bf81-024f-40ee-8fb8-6d02010e2383", "vulnerability": {"vulnId": "CVE-2025-4632", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-22T00:00:00+00:00"}, "gcve": {"object_uuid": "19c7bf81-024f-40ee-8fb8-6d02010e2383", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Samsung MagicINFO 9 Server Path Traversal Vulnerability | Affected: Samsung / MagicINFO 9 Server | Description: Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary file as system authority. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.samsungtv.com/securityUpdates#SVP-MAY-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2025-4632"}, "references": [{"id": "CVE-2025-4632", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-4632"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "MagicINFO 9 Server", "due_date": "2025-06-12", "date_added": "2025-05-22", "vendorProject": "Samsung", "vulnerabilityName": "Samsung MagicINFO 9 Server Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2da19e29-65b5-4405-8e92-bcf4263e5ff7", "vulnerability": {"vulnId": "CVE-2025-4427", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-19T00:00:00+00:00"}, "gcve": {"object_uuid": "2da19e29-65b5-4405-8e92-bcf4263e5ff7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-19T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability | Affected: Ivanti / Endpoint Manager Mobile (EPMM) | Description: Ivanti Endpoint Manager Mobile (EPMM) contains an authentication bypass vulnerability in the API component that allows an attacker to access protected resources without proper credentials via crafted API requests. This vulnerability results from an insecure implementation of the Spring Framework open-source library. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM ; https://nvd.nist.gov/vuln/detail/CVE-2025-4427"}, "references": [{"id": "CVE-2025-4427", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-4427"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Endpoint Manager Mobile (EPMM)", "due_date": "2025-06-09", "date_added": "2025-05-19", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Endpoint Manager Mobile (EPMM) Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "78c96cf4-f81c-44f5-9158-824c4191f9d0", "vulnerability": {"vulnId": "CVE-2024-27443", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-19T00:00:00+00:00"}, "gcve": {"object_uuid": "78c96cf4-f81c-44f5-9158-824c4191f9d0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-19T00:00:00Z"}, "scope": {"notes": "KEV entry: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | Affected: Synacor / Zimbra Collaboration Suite (ZCS) | Description: Zimbra Collaboration contains a cross-site scripting (XSS) vulnerability in the CalendarInvite feature of the Zimbra webmail classic user interface. An attacker can exploit this vulnerability via an email message containing a crafted calendar header, leading to the execution of arbitrary JavaScript code. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://wiki.zimbra.com/wiki/Zimbra_Releases/8.8.15/P46#Security_Fixes ; https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P39#Security_Fixes ; https://wiki.zimbra.com/wiki/Zimbra_Releases/10.0.7#Security_Fixes ; https://nvd.nist.gov/vuln/detail/CVE-2024-27443"}, "references": [{"id": "CVE-2024-27443", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-27443"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Zimbra Collaboration Suite (ZCS)", "due_date": "2025-06-09", "date_added": "2025-05-19", "vendorProject": "Synacor", "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fcb54cce-3651-4ec7-bb36-966d0e354de5", "vulnerability": {"vulnId": "CVE-2023-38950", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-19T00:00:00+00:00"}, "gcve": {"object_uuid": "fcb54cce-3651-4ec7-bb36-966d0e354de5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-19T00:00:00Z"}, "scope": {"notes": "KEV entry: ZKTeco BioTime Path Traversal Vulnerability | Affected: ZKTeco / BioTime | Description: ZKTeco BioTime contains a path traversal vulnerability in the iclock API that allows an unauthenticated attacker to read arbitrary files via supplying a crafted payload. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.zkteco.com/en/Security_Bulletinsibs ; https://nvd.nist.gov/vuln/detail/CVE-2023-38950"}, "references": [{"id": "CVE-2023-38950", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-38950"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "BioTime", "due_date": "2025-06-09", "date_added": "2025-05-19", "vendorProject": "ZKTeco", "vulnerabilityName": "ZKTeco BioTime Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0f91817b-46d9-4f32-9db6-fef97ef03e47", "vulnerability": {"vulnId": "CVE-2025-4428", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-19T00:00:00+00:00"}, "gcve": {"object_uuid": "0f91817b-46d9-4f32-9db6-fef97ef03e47", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-19T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability | Affected: Ivanti / Endpoint Manager Mobile (EPMM) | Description: Ivanti Endpoint Manager Mobile (EPMM) contains a code injection vulnerability in the API component that allows an authenticated attacker to remotely execute arbitrary code via crafted API requests. This vulnerability results from an insecure implementation of the Hibernate Validator open-source library, as represented by CVE-2025-35036. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Endpoint-Manager-Mobile-EPMM ; https://nvd.nist.gov/vuln/detail/CVE-2025-4428"}, "references": [{"id": "CVE-2025-4428", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-4428"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Endpoint Manager Mobile (EPMM)", "due_date": "2025-06-09", "date_added": "2025-05-19", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Endpoint Manager Mobile (EPMM) Code Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1afdac08-fb5f-4d85-8fb7-8bebd7e4f42f", "vulnerability": {"vulnId": "CVE-2025-27920", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-19T00:00:00+00:00"}, "gcve": {"object_uuid": "1afdac08-fb5f-4d85-8fb7-8bebd7e4f42f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-19T00:00:00Z"}, "scope": {"notes": "KEV entry: Srimax Output Messenger Directory Traversal Vulnerability | Affected: Srimax / Output Messenger | Description: Srimax Output Messenger contains a directory traversal vulnerability that allows an attacker to access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.outputmessenger.com/cve-2025-27920/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-27920"}, "references": [{"id": "CVE-2025-27920", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-27920"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Output Messenger", "due_date": "2025-06-09", "date_added": "2025-05-19", "vendorProject": "Srimax", "vulnerabilityName": "Srimax Output Messenger Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4df6a5b1-fbb7-48b5-b261-d77a9c601017", "vulnerability": {"vulnId": "CVE-2024-11182", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-19T00:00:00+00:00"}, "gcve": {"object_uuid": "4df6a5b1-fbb7-48b5-b261-d77a9c601017", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-19T00:00:00Z"}, "scope": {"notes": "KEV entry: MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability | Affected: MDaemon / Email Server | Description: MDaemon Email Server contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to load arbitrary JavaScript code via an HTML e-mail message. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://files.mdaemon.com/mdaemon/beta/RelNotes_en.html ; https://mdaemon.com/pages/downloads-critical-updates ; https://nvd.nist.gov/vuln/detail/CVE-2024-11182"}, "references": [{"id": "CVE-2024-11182", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-11182"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Email Server", "due_date": "2025-06-09", "date_added": "2025-05-19", "vendorProject": "MDaemon", "vulnerabilityName": "MDaemon Email Server Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3caff1e7-deb6-407e-91db-d173460dd3f5", "vulnerability": {"vulnId": "CVE-2025-42999", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-15T00:00:00+00:00"}, "gcve": {"object_uuid": "3caff1e7-deb6-407e-91db-d173460dd3f5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-15T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP NetWeaver Deserialization Vulnerability | Affected: SAP / NetWeaver | Description: SAP NetWeaver Visual Composer Metadata Uploader contains a deserialization vulnerability that allows a privileged attacker to compromise the confidentiality, integrity, and availability of the host system by deserializing untrusted or malicious content. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): SAP users must have an account to log in and access the patch: https://me.sap.com/notes/3604119 ; https://nvd.nist.gov/vuln/detail/CVE-2025-42999"}, "references": [{"id": "CVE-2025-42999", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-42999"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetWeaver", "due_date": "2025-06-05", "date_added": "2025-05-15", "vendorProject": "SAP", "vulnerabilityName": "SAP NetWeaver Deserialization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4307b145-b847-4e6e-95e2-73fbac1d3256", "vulnerability": {"vulnId": "CVE-2024-12987", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-15T00:00:00+00:00"}, "gcve": {"object_uuid": "4307b145-b847-4e6e-95e2-73fbac1d3256", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-15T00:00:00Z"}, "scope": {"notes": "KEV entry: DrayTek Vigor Routers OS Command Injection Vulnerability | Affected: DrayTek / Vigor Routers | Description: DrayTek Vigor2960, Vigor300B, and Vigor3900 routers contain an OS command injection vulnerability due to an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component web management interface. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://fw.draytek.com.tw/Vigor2960/Firmware/v1.5.1.5/DrayTek_Vigor2960_V1.5.1.5_01release-note.pdf ; https://fw.draytek.com.tw/Vigor300B/Firmware/v1.5.1.5/DrayTek_Vigor300B_V1.5.1.5_01release-note.pdf ; https://fw.draytek.com.tw/Vigor3900/Firmware/v1.5.1.5/DrayTek_Vigor3900_V1.5.1.5_01release-note.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-12987"}, "references": [{"id": "CVE-2024-12987", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-12987"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Vigor Routers", "due_date": "2025-06-05", "date_added": "2025-05-15", "vendorProject": "DrayTek", "vulnerabilityName": "DrayTek Vigor Routers OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3fa02802-664b-497d-b95f-d19e329f4a0f", "vulnerability": {"vulnId": "CVE-2025-32756", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-14T00:00:00+00:00"}, "gcve": {"object_uuid": "3fa02802-664b-497d-b95f-d19e329f4a0f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability | Affected: Fortinet / Multiple Products | Description: Fortinet FortiFone, FortiVoice, FortiNDR and FortiMail contain a stack-based overflow vulnerability that may allow a remote unauthenticated attacker to execute arbitrary code or commands via crafted HTTP requests. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://fortiguard.fortinet.com/psirt/FG-IR-25-254 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32756"}, "references": [{"id": "CVE-2025-32756", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-32756"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-124"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2025-06-04", "date_added": "2025-05-14", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet Multiple Products Stack-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1e05761b-d258-46c9-b033-62a910600ea0", "vulnerability": {"vulnId": "CVE-2025-32701", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-13T00:00:00+00:00"}, "gcve": {"object_uuid": "1e05761b-d258-46c9-b033-62a910600ea0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32701 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32701"}, "references": [{"id": "CVE-2025-32701", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-32701"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-06-03", "date_added": "2025-05-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a7d9c04d-f954-4d4f-9d62-5066496da175", "vulnerability": {"vulnId": "CVE-2025-30397", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-13T00:00:00+00:00"}, "gcve": {"object_uuid": "a7d9c04d-f954-4d4f-9d62-5066496da175", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Scripting Engine Type Confusion Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Scripting Engine contains a type confusion vulnerability that allows an unauthorized attacker to execute code over a network via a specially crafted URL. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30397 ; https://nvd.nist.gov/vuln/detail/CVE-2025-30397"}, "references": [{"id": "CVE-2025-30397", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-30397"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-06-03", "date_added": "2025-05-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Scripting Engine Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "39cda1d0-3484-4a45-9041-18becacdc455", "vulnerability": {"vulnId": "CVE-2025-32706", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-13T00:00:00+00:00"}, "gcve": {"object_uuid": "39cda1d0-3484-4a45-9041-18becacdc455", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Common Log File System (CLFS) Driver contains a heap-based buffer overflow vulnerability that allows an authorized attacker to elevate privileges locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32706 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32706"}, "references": [{"id": "CVE-2025-32706", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-32706"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-06-03", "date_added": "2025-05-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "855ee38a-e072-432c-a318-b474bf1407d8", "vulnerability": {"vulnId": "CVE-2025-32709", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-13T00:00:00+00:00"}, "gcve": {"object_uuid": "855ee38a-e072-432c-a318-b474bf1407d8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Ancillary Function Driver for WinSock contains a use-after-free vulnerability that allows an authorized attacker to escalate privileges to administrator. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-32709 ; https://nvd.nist.gov/vuln/detail/CVE-2025-32709"}, "references": [{"id": "CVE-2025-32709", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-32709"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-06-03", "date_added": "2025-05-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Ancillary Function Driver for WinSock Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "73489433-e6c4-47e2-b54c-f0988d2857ae", "vulnerability": {"vulnId": "CVE-2025-30400", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-13T00:00:00+00:00"}, "gcve": {"object_uuid": "73489433-e6c4-47e2-b54c-f0988d2857ae", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows DWM Core Library Use-After-Free Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows DWM Core Library contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-30400 ; https://nvd.nist.gov/vuln/detail/CVE-2025-30400"}, "references": [{"id": "CVE-2025-30400", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-30400"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-06-03", "date_added": "2025-05-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows DWM Core Library Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "566e929b-325a-4fdf-81d8-e5956dac106a", "vulnerability": {"vulnId": "CVE-2025-47729", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-12T00:00:00+00:00"}, "gcve": {"object_uuid": "566e929b-325a-4fdf-81d8-e5956dac106a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-12T00:00:00Z"}, "scope": {"notes": "KEV entry: TeleMessage TM SGNL Hidden Functionality Vulnerability | Affected: TeleMessage / TM SGNL | Description: TeleMessage TM SGNL contains a hidden functionality vulnerability in which the archiving backend holds cleartext copies of messages from TM SGNL application users. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-06-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Apply mitigations per vendor instructions. Absent mitigating instructions from the vendor, discontinue use of the product. ; https://nvd.nist.gov/vuln/detail/CVE-2025-47729"}, "references": [{"id": "CVE-2025-47729", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-47729"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-912"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "TM SGNL", "due_date": "2025-06-02", "date_added": "2025-05-12", "vendorProject": "TeleMessage", "vulnerabilityName": "TeleMessage TM SGNL Hidden Functionality Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "75efceb1-e25d-4840-a8ac-055ac6b9912f", "vulnerability": {"vulnId": "CVE-2024-6047", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-07T00:00:00+00:00"}, "gcve": {"object_uuid": "75efceb1-e25d-4840-a8ac-055ac6b9912f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-07T00:00:00Z"}, "scope": {"notes": "KEV entry: GeoVision Devices OS Command Injection Vulnerability | Affected: GeoVision / Multiple Devices | Description: Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-05-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://dlcdn.geovision.com.tw/TechNotice/CyberSecurity/Security_Advisory_IP_Device_2024-11.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-6047"}, "references": [{"id": "CVE-2024-6047", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-6047"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Devices", "due_date": "2025-05-28", "date_added": "2025-05-07", "vendorProject": "GeoVision", "vulnerabilityName": "GeoVision Devices OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "91714911-e30c-4808-9f20-4596f3762005", "vulnerability": {"vulnId": "CVE-2024-11120", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-07T00:00:00+00:00"}, "gcve": {"object_uuid": "91714911-e30c-4808-9f20-4596f3762005", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-07T00:00:00Z"}, "scope": {"notes": "KEV entry: GeoVision Devices OS Command Injection Vulnerability | Affected: GeoVision / Multiple Devices | Description: Multiple GeoVision devices contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to inject and execute arbitrary system commands. The impacted products could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-05-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://dlcdn.geovision.com.tw/TechNotice/CyberSecurity/Security_Advisory_IP_Device_2024-11.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-11120"}, "references": [{"id": "CVE-2024-11120", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-11120"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Devices", "due_date": "2025-05-28", "date_added": "2025-05-07", "vendorProject": "GeoVision", "vulnerabilityName": "GeoVision Devices OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ba91532c-a5c0-47e9-91d4-f0de55cfb711", "vulnerability": {"vulnId": "CVE-2025-27363", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-06T00:00:00+00:00"}, "gcve": {"object_uuid": "ba91532c-a5c0-47e9-91d4-f0de55cfb711", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-06T00:00:00Z"}, "scope": {"notes": "KEV entry: FreeType Out-of-Bounds Write Vulnerability | Affected: FreeType / FreeType | Description: FreeType contains an out-of-bounds write vulnerability when attempting to parse font subglyph structures related to TrueType GX and variable font files that may allow for arbitrary code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-05-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://source.android.com/docs/security/bulletin/2025-05-01 ; https://nvd.nist.gov/vuln/detail/CVE-2025-27363"}, "references": [{"id": "CVE-2025-27363", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-27363"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FreeType", "due_date": "2025-05-27", "date_added": "2025-05-06", "vendorProject": "FreeType", "vulnerabilityName": "FreeType Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "42f739f2-b3d8-4d5f-aedf-6d19eac11841", "vulnerability": {"vulnId": "CVE-2025-3248", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-05T00:00:00+00:00"}, "gcve": {"object_uuid": "42f739f2-b3d8-4d5f-aedf-6d19eac11841", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Langflow Missing Authentication Vulnerability | Affected: Langflow / Langflow | Description: Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-05-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: https://github.com/advisories/GHSA-c995-4fw3-j39m ; https://nvd.nist.gov/vuln/detail/CVE-2025-3248"}, "references": [{"id": "CVE-2025-3248", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-3248"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Langflow", "due_date": "2025-05-26", "date_added": "2025-05-05", "vendorProject": "Langflow", "vulnerabilityName": "Langflow Missing Authentication Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "dda663b5-599d-482a-9daa-455361250da3", "vulnerability": {"vulnId": "CVE-2025-34028", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-02T00:00:00+00:00"}, "gcve": {"object_uuid": "dda663b5-599d-482a-9daa-455361250da3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Commvault Command Center Path Traversal Vulnerability | Affected: Commvault / Command Center | Description: Commvault Command Center contains a path traversal vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-05-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://documentation.commvault.com/securityadvisories/CV_2025_04_1.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-34028"}, "references": [{"id": "CVE-2025-34028", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-34028"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Command Center", "due_date": "2025-05-23", "date_added": "2025-05-02", "vendorProject": "Commvault", "vulnerabilityName": "Commvault Command Center Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e751d435-78f2-4182-8753-6b564a5f1dce", "vulnerability": {"vulnId": "CVE-2024-58136", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-02T00:00:00+00:00"}, "gcve": {"object_uuid": "e751d435-78f2-4182-8753-6b564a5f1dce", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Yiiframework Yii Improper Protection of Alternate Path Vulnerability | Affected: Yiiframework / Yii | Description: Yii Framework contains an improper protection of alternate path vulnerability that may allow a remote attacker to execute arbitrary code. This vulnerability could affect other products that implement Yii, including\u2014but not limited to\u2014Craft CMS, as represented by CVE-2025-32432. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-05-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. \nFor more information, please see: https://www.yiiframework.com/news/709/please-upgrade-to-yii-2-0-52 ; https://nvd.nist.gov/vuln/detail/CVE-2024-58136"}, "references": [{"id": "CVE-2024-58136", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-58136"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-424"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Yii", "due_date": "2025-05-23", "date_added": "2025-05-02", "vendorProject": "Yiiframework", "vulnerabilityName": "Yiiframework Yii Improper Protection of Alternate Path Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "70f1e76d-21b5-484f-b14d-4e18035039fc", "vulnerability": {"vulnId": "CVE-2024-38475", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-01T00:00:00+00:00"}, "gcve": {"object_uuid": "70f1e76d-21b5-484f-b14d-4e18035039fc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-01T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-01T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache HTTP Server Improper Escaping of Output Vulnerability | Affected: Apache / HTTP Server | Description: Apache HTTP Server contains an improper escaping of output vulnerability in mod_rewrite that allows an attacker to map URLs to filesystem locations that are permitted to be served by the server but are not intentionally/directly reachable by any URL, resulting in code execution or source code disclosure. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-05-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. \nFor more information, please see: https://httpd.apache.org/security/vulnerabilities_24.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-38475"}, "references": [{"id": "CVE-2024-38475", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-38475"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-116"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "HTTP Server", "due_date": "2025-05-22", "date_added": "2025-05-01", "vendorProject": "Apache", "vulnerabilityName": "Apache HTTP Server Improper Escaping of Output Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ad85ef3b-94ca-4d76-b4a5-588276bb6589", "vulnerability": {"vulnId": "CVE-2023-44221", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-05-01T00:00:00+00:00"}, "gcve": {"object_uuid": "ad85ef3b-94ca-4d76-b4a5-588276bb6589", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-05-01T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-05-01T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall SMA100 Appliances OS Command Injection Vulnerability | Affected: SonicWall / SMA100 Appliances | Description: SonicWall SMA100 appliances contain an OS command injection vulnerability in the SSL-VPN management interface that allows a remote, authenticated attacker with administrative privilege to inject arbitrary commands as a 'nobody' user. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-05-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0018 ; https://nvd.nist.gov/vuln/detail/CVE-2023-44221"}, "references": [{"id": "CVE-2023-44221", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-44221"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SMA100 Appliances", "due_date": "2025-05-22", "date_added": "2025-05-01", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall SMA100 Appliances OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6ff2a926-6969-4a40-b8a1-856b0d8aaada", "vulnerability": {"vulnId": "CVE-2025-31324", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-29T00:00:00+00:00"}, "gcve": {"object_uuid": "6ff2a926-6969-4a40-b8a1-856b0d8aaada", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-04-29T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP NetWeaver Unrestricted File Upload Vulnerability | Affected: SAP / NetWeaver | Description: SAP NetWeaver Visual Composer Metadata Uploader contains an unrestricted file upload vulnerability that allows an unauthenticated agent to upload potentially malicious executable binaries. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-05-20 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://me.sap.com/notes/3594142 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31324"}, "references": [{"id": "CVE-2025-31324", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-31324"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetWeaver", "due_date": "2025-05-20", "date_added": "2025-04-29", "vendorProject": "SAP", "vulnerabilityName": "SAP NetWeaver Unrestricted File Upload Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "5c0181fb-fa8f-49af-ba41-93d8ed007b57", "vulnerability": {"vulnId": "CVE-2025-1976", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "5c0181fb-fa8f-49af-ba41-93d8ed007b57", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-04-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Broadcom Brocade Fabric OS Code Injection Vulnerability | Affected: Broadcom / Brocade Fabric OS | Description: Broadcom Brocade Fabric OS contains a code injection vulnerability that allows a local user with administrative privileges to execute arbitrary code with full root privileges. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-05-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25602 ; https://nvd.nist.gov/vuln/detail/CVE-2025-1976"}, "references": [{"id": "CVE-2025-1976", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-1976"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Brocade Fabric OS", "due_date": "2025-05-19", "date_added": "2025-04-28", "vendorProject": "Broadcom", "vulnerabilityName": "Broadcom Brocade Fabric OS Code Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "48bcf88d-2c8b-4c4b-aca3-45859c0b64dc", "vulnerability": {"vulnId": "CVE-2025-42599", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "48bcf88d-2c8b-4c4b-aca3-45859c0b64dc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-04-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability | Affected: Qualitia / Active! Mail | Description: Qualitia Active! Mail contains a stack-based buffer overflow vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or trigger a denial-of-service via a specially crafted request. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-05-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.qualitia.com/jp/news/2025/04/18_1030.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-42599"}, "references": [{"id": "CVE-2025-42599", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-42599"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-121"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Active! Mail", "due_date": "2025-05-19", "date_added": "2025-04-28", "vendorProject": "Qualitia", "vulnerabilityName": "Qualitia Active! Mail Stack-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3d9e0ac7-b4ef-44d2-8056-ccebd9b48183", "vulnerability": {"vulnId": "CVE-2025-3928", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-28T00:00:00+00:00"}, "gcve": {"object_uuid": "3d9e0ac7-b4ef-44d2-8056-ccebd9b48183", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-04-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Commvault Web Server Unspecified Vulnerability | Affected: Commvault / Web Server | Description: Commvault Web Server contains an unspecified vulnerability that allows a remote, authenticated attacker to create and execute webshells. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-05-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://documentation.commvault.com/securityadvisories/CV_2025_03_1.html;   https://www.commvault.com/blogs/notice-security-advisory-update;   https://nvd.nist.gov/vuln/detail/CVE-2025-3928      "}, "references": [{"id": "CVE-2025-3928", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-3928"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Web Server", "due_date": "2025-05-19", "date_added": "2025-04-28", "vendorProject": "Commvault", "vulnerabilityName": "Commvault Web Server Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a49e70ae-86e6-49e8-bde8-d4c8d4600191", "vulnerability": {"vulnId": "CVE-2025-24054", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-17T00:00:00+00:00"}, "gcve": {"object_uuid": "a49e70ae-86e6-49e8-bde8-d4c8d4600191", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-04-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows NTLM contains an external control of file name or path vulnerability that allows an unauthorized attacker to perform spoofing over a network. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-05-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24054 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24054"}, "references": [{"id": "CVE-2025-24054", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-24054"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-73"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-05-08", "date_added": "2025-04-17", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows NTLM Hash Disclosure Spoofing Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "912d6630-240d-459e-acd2-54ff91770da9", "vulnerability": {"vulnId": "CVE-2025-31201", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-17T00:00:00+00:00"}, "gcve": {"object_uuid": "912d6630-240d-459e-acd2-54ff91770da9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-04-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Arbitrary Read and Write Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and other Apple products contain an arbitrary read and write vulnerability that allows an attacker to bypass Pointer Authentication. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-05-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/122282 ; https://support.apple.com/en-us/122400 ; https://support.apple.com/en-us/122401 ; https://support.apple.com/en-us/122402 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31201"}, "references": [{"id": "CVE-2025-31201", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-31201"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2025-05-08", "date_added": "2025-04-17", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Arbitrary Read and Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "459f7633-4309-4f28-8fd3-dd8d56ca9f61", "vulnerability": {"vulnId": "CVE-2025-31200", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-17T00:00:00+00:00"}, "gcve": {"object_uuid": "459f7633-4309-4f28-8fd3-dd8d56ca9f61", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-04-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Memory Corruption Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and other Apple products contain a memory corruption vulnerability that allows for code execution when processing an audio stream in a maliciously crafted media file. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-05-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/122282 ; https://support.apple.com/en-us/122400 ; https://support.apple.com/en-us/122401 ; https://support.apple.com/en-us/122402 ; https://nvd.nist.gov/vuln/detail/CVE-2025-31200"}, "references": [{"id": "CVE-2025-31200", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-31200"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2025-05-08", "date_added": "2025-04-17", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "01fd93c6-19de-4895-b865-6eb5306eef01", "vulnerability": {"vulnId": "CVE-2021-20035", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-16T00:00:00+00:00"}, "gcve": {"object_uuid": "01fd93c6-19de-4895-b865-6eb5306eef01", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-04-16T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall SMA100 Appliances OS Command Injection Vulnerability | Affected: SonicWall / SMA100 Appliances | Description: SonicWall SMA100 appliances contain an OS command injection vulnerability in the management interface that allows a remote authenticated attacker to inject arbitrary commands as a 'nobody' user, which could potentially lead to code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-05-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022 ; https://nvd.nist.gov/vuln/detail/CVE-2021-20035"}, "references": [{"id": "CVE-2021-20035", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-20035"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SMA100 Appliances", "due_date": "2025-05-07", "date_added": "2025-04-16", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall SMA100 Appliances OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c1d166f9-4830-4462-8671-3ae11b5a0616", "vulnerability": {"vulnId": "CVE-2024-53150", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-09T00:00:00+00:00"}, "gcve": {"object_uuid": "c1d166f9-4830-4462-8671-3ae11b5a0616", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-04-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Out-of-Bounds Read Vulnerability | Affected: Linux / Kernel | Description: Linux Kernel contains an out-of-bounds read vulnerability in the USB-audio driver that allows a local, privileged attacker to obtain potentially sensitive information. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://lore.kernel.org/linux-cve-announce/2024122427-CVE-2024-53150-3a7d@gregkh/ ; https://source.android.com/docs/security/bulletin/2025-04-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-53150"}, "references": [{"id": "CVE-2024-53150", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-53150"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-125"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2025-04-30", "date_added": "2025-04-09", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Out-of-Bounds Read Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4789431a-66d3-485b-93f1-18a885a629e8", "vulnerability": {"vulnId": "CVE-2024-53197", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-09T00:00:00+00:00"}, "gcve": {"object_uuid": "4789431a-66d3-485b-93f1-18a885a629e8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-04-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Out-of-Bounds Access Vulnerability | Affected: Linux / Kernel | Description: Linux Kernel contains an out-of-bounds access vulnerability in the USB-audio driver that allows an attacker with physical access to the system to use a malicious USB device to potentially manipulate system memory, escalate privileges, or execute arbitrary code. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://lore.kernel.org/linux-cve-announce/2024122725-CVE-2024-53197-6aef@gregkh/ ; https://source.android.com/docs/security/bulletin/2025-04-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-53197"}, "references": [{"id": "CVE-2024-53197", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-53197"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2025-04-30", "date_added": "2025-04-09", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Out-of-Bounds Access Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1a833880-8608-44ad-9e79-c0105aed3411", "vulnerability": {"vulnId": "CVE-2025-29824", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-08T00:00:00+00:00"}, "gcve": {"object_uuid": "1a833880-8608-44ad-9e79-c0105aed3411", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-04-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Common Log File System (CLFS) Driver contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-29 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-29824 ; https://nvd.nist.gov/vuln/detail/CVE-2025-29824"}, "references": [{"id": "CVE-2025-29824", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-29824"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-04-29", "date_added": "2025-04-08", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "f92950f4-aa11-47fd-b6d0-26781769f92d", "vulnerability": {"vulnId": "CVE-2025-30406", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-08T00:00:00+00:00"}, "gcve": {"object_uuid": "f92950f4-aa11-47fd-b6d0-26781769f92d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-04-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability | Affected: Gladinet / CentreStack | Description: Gladinet CentreStack and Triofox contain a use of hard-coded cryptographic key vulnerability in the way that the application manages keys used for ViewState integrity verification. Successful exploitation allows an attacker to forge ViewState payloads for server-side deserialization, allowing for remote code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf ; https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2025-triofox.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2025-30406"}, "references": [{"id": "CVE-2025-30406", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-30406"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-321"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "CentreStack", "due_date": "2025-04-29", "date_added": "2025-04-08", "vendorProject": "Gladinet", "vulnerabilityName": "Gladinet CentreStack and Triofox Use of Hard-coded Cryptographic Key Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "82a04c4f-40e2-41ac-9a14-0fd8d5ae16d5", "vulnerability": {"vulnId": "CVE-2025-31161", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-07T00:00:00+00:00"}, "gcve": {"object_uuid": "82a04c4f-40e2-41ac-9a14-0fd8d5ae16d5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-04-07T00:00:00Z"}, "scope": {"notes": "KEV entry: CrushFTP Authentication Bypass Vulnerability | Affected: CrushFTP / CrushFTP | Description: CrushFTP contains an authentication bypass vulnerability in the HTTP authorization header that allows a remote unauthenticated attacker to authenticate to any known or guessable user account (e.g., crushadmin), potentially leading to a full compromise. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-28 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update ; https://nvd.nist.gov/vuln/detail/CVE-2025-31161"}, "references": [{"id": "CVE-2025-31161", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-31161"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-305"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "CrushFTP", "due_date": "2025-04-28", "date_added": "2025-04-07", "vendorProject": "CrushFTP", "vulnerabilityName": "CrushFTP Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "9be262d6-0d01-4d80-8129-f59b23fedb56", "vulnerability": {"vulnId": "CVE-2025-22457", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-04T00:00:00+00:00"}, "gcve": {"object_uuid": "9be262d6-0d01-4d80-8129-f59b23fedb56", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-04-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability | Affected: Ivanti / Connect Secure, Policy Secure, and ZTA Gateways | Description: Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow vulnerability that allows a remote unauthenticated attacker to achieve remote code execution. | Required action: Apply mitigations as set forth in the CISA instructions linked below. | Due date: 2025-04-11 | Known ransomware campaign use (KEV): Known | Notes (KEV): CISA Mitigation Instructions: https://www.cisa.gov/cisa-mitigation-instructions-cve-2025-22457 ; Additional References: https://forums.ivanti.com/s/article/April-Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-22457 ; https://nvd.nist.gov/vuln/detail/CVE-2025-22457"}, "references": [{"id": "CVE-2025-22457", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-22457"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-121"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Connect Secure, Policy Secure, and ZTA Gateways", "due_date": "2025-04-11", "date_added": "2025-04-04", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "fe473d70-7fe2-43e9-bd35-c8b91546205c", "vulnerability": {"vulnId": "CVE-2025-24813", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-04-01T00:00:00+00:00"}, "gcve": {"object_uuid": "fe473d70-7fe2-43e9-bd35-c8b91546205c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-04-01T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-04-01T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Tomcat Path Equivalence Vulnerability | Affected: Apache / Tomcat | Description: Apache Tomcat contains a path equivalence vulnerability that allows a remote attacker to execute code, disclose information, or inject malicious content via a partial PUT request. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://lists.apache.org/thread/j5fkjv2k477os90nczf2v9l61fb0kkgq ; https://nvd.nist.gov/vuln/detail/CVE-2025-24813"}, "references": [{"id": "CVE-2025-24813", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-24813"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-44", "CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Tomcat", "due_date": "2025-04-22", "date_added": "2025-04-01", "vendorProject": "Apache", "vulnerabilityName": "Apache Tomcat Path Equivalence Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2e6557a1-424a-40e5-8a69-4fab338b8712", "vulnerability": {"vulnId": "CVE-2024-20439", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-31T00:00:00+00:00"}, "gcve": {"object_uuid": "2e6557a1-424a-40e5-8a69-4fab338b8712", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-31T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-31T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Smart Licensing Utility Static Credential Vulnerability | Affected: Cisco / Smart Licensing Utility | Description: Cisco Smart Licensing Utility contains a static credential vulnerability that allows an unauthenticated, remote attacker to log in to an affected system and gain administrative credentials. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw ; https://nvd.nist.gov/vuln/detail/CVE-2024-20439"}, "references": [{"id": "CVE-2024-20439", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-20439"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-912"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Smart Licensing Utility", "due_date": "2025-04-21", "date_added": "2025-03-31", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Smart Licensing Utility Static Credential Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8791bec1-8b4f-46a7-a000-a10f5d4cc2b7", "vulnerability": {"vulnId": "CVE-2025-2783", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-27T00:00:00+00:00"}, "gcve": {"object_uuid": "8791bec1-8b4f-46a7-a000-a10f5d4cc2b7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-27T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-27T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium Mojo Sandbox Escape Vulnerability | Affected: Google / Chromium Mojo | Description: Google Chromium Mojo on Windows contains a sandbox escape vulnerability caused by a logic error, which results from an incorrect handle being provided in unspecified circumstances. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html ; https://nvd.nist.gov/vuln/detail/CVE-2025-2783"}, "references": [{"id": "CVE-2025-2783", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-2783"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium Mojo", "due_date": "2025-04-17", "date_added": "2025-03-27", "vendorProject": "Google", "vulnerabilityName": "Google Chromium Mojo Sandbox Escape Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "26422a97-6f1c-402f-bd72-c6d168d9da31", "vulnerability": {"vulnId": "CVE-2019-9875", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-26T00:00:00+00:00"}, "gcve": {"object_uuid": "26422a97-6f1c-402f-bd72-c6d168d9da31", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-26T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-26T00:00:00Z"}, "scope": {"notes": "KEV entry: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability | Affected: Sitecore / CMS and Experience Platform (XP) | Description: Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an authenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB0038556 ; https://nvd.nist.gov/vuln/detail/CVE-2019-9875"}, "references": [{"id": "CVE-2019-9875", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-9875"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "CMS and Experience Platform (XP)", "due_date": "2025-04-16", "date_added": "2025-03-26", "vendorProject": "Sitecore", "vulnerabilityName": "Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6296e3ff-700f-4392-b387-ce7fb2fe2572", "vulnerability": {"vulnId": "CVE-2019-9874", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-26T00:00:00+00:00"}, "gcve": {"object_uuid": "6296e3ff-700f-4392-b387-ce7fb2fe2572", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-26T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-26T00:00:00Z"}, "scope": {"notes": "KEV entry: Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability | Affected: Sitecore / CMS and Experience Platform (XP) | Description: Sitecore CMS and Experience Platform (XP) contain a deserialization vulnerability in the Sitecore.Security.AntiCSRF module that allows an unauthenticated attacker to execute arbitrary code by sending a serialized .NET object in the HTTP POST parameter __CSRFTOKEN. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.sitecore.com/kb?id=kb_article_view&sysparm_article=KB0334035 ; https://nvd.nist.gov/vuln/detail/CVE-2019-9874"}, "references": [{"id": "CVE-2019-9874", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-9874"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "CMS and Experience Platform (XP)", "due_date": "2025-04-16", "date_added": "2025-03-26", "vendorProject": "Sitecore", "vulnerabilityName": "Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "df851e15-cb9f-4fbd-b211-a2c1b3be7c44", "vulnerability": {"vulnId": "CVE-2025-30154", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-24T00:00:00+00:00"}, "gcve": {"object_uuid": "df851e15-cb9f-4fbd-b211-a2c1b3be7c44", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-24T00:00:00Z"}, "scope": {"notes": "KEV entry: reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability | Affected: reviewdog / action-setup GitHub Action | Description: reviewdog action-setup GitHub Action contains an embedded malicious code vulnerability that dumps exposed secrets to GitHub Actions Workflow Logs. | Required action: Apply mitigations as set forth in the CISA instructions linked below. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-tj-actionschanged-files-cve-2025-30066-and-reviewdogaction ; Additional References: https://github.com/reviewdog/reviewdog/security/advisories/GHSA-qmg3-hpqr-gqvc ; https://nvd.nist.gov/vuln/detail/CVE-2025-30154"}, "references": [{"id": "CVE-2025-30154", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-30154"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-506"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "action-setup GitHub Action", "due_date": "2025-04-14", "date_added": "2025-03-24", "vendorProject": "reviewdog", "vulnerabilityName": "reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fad9ca3a-281b-45df-8311-03aee0a63af1", "vulnerability": {"vulnId": "CVE-2024-48248", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-19T00:00:00+00:00"}, "gcve": {"object_uuid": "fad9ca3a-281b-45df-8311-03aee0a63af1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-19T00:00:00Z"}, "scope": {"notes": "KEV entry: NAKIVO Backup and Replication Absolute Path Traversal Vulnerability | Affected: NAKIVO / Backup and Replication | Description: NAKIVO Backup and Replication contains an absolute path traversal vulnerability that enables an attacker to read arbitrary files. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://helpcenter.nakivo.com/Release-Notes/Content/Release-Notes.htm ; https://nvd.nist.gov/vuln/detail/CVE-2024-48248"}, "references": [{"id": "CVE-2024-48248", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-48248"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-36"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Backup and Replication", "due_date": "2025-04-09", "date_added": "2025-03-19", "vendorProject": "NAKIVO", "vulnerabilityName": "NAKIVO Backup and Replication Absolute Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c550dca4-6128-4c87-af16-457980bf1f8c", "vulnerability": {"vulnId": "CVE-2017-12637", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-19T00:00:00+00:00"}, "gcve": {"object_uuid": "c550dca4-6128-4c87-af16-457980bf1f8c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-19T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP NetWeaver Directory Traversal Vulnerability | Affected: SAP / NetWeaver | Description: SAP NetWeaver Application Server (AS) Java contains a directory traversal vulnerability in scheduler/ui/js/ffffffffbca41eb4/UIUtilJavaScriptJS that allows a remote attacker to read arbitrary files via a .. (dot dot) in the query string. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): SAP users must have an account to log in and access the patch: https://me.sap.com/notes/3476549 ; https://nvd.nist.gov/vuln/detail/CVE-2017-12637"}, "references": [{"id": "CVE-2017-12637", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-12637"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetWeaver", "due_date": "2025-04-09", "date_added": "2025-03-19", "vendorProject": "SAP", "vulnerabilityName": "SAP NetWeaver Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "78c14027-7a5d-4f71-935b-ad96af2836b4", "vulnerability": {"vulnId": "CVE-2025-1316", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-19T00:00:00+00:00"}, "gcve": {"object_uuid": "78c14027-7a5d-4f71-935b-ad96af2836b4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-19T00:00:00Z"}, "scope": {"notes": "KEV entry: Edimax IC-7100 IP Camera OS Command Injection Vulnerability | Affected: Edimax / IC-7100 IP Camera | Description: Edimax IC-7100 IP camera contains an OS command injection vulnerability due to improper input sanitization that allows an attacker to achieve remote code execution via specially crafted requests. The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.edimax.com/edimax/post/post/data/edimax/global/press_releases/4801/ ; https://nvd.nist.gov/vuln/detail/CVE-2025-1316"}, "references": [{"id": "CVE-2025-1316", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-1316"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IC-7100 IP Camera", "due_date": "2025-04-09", "date_added": "2025-03-19", "vendorProject": "Edimax", "vulnerabilityName": "Edimax IC-7100 IP Camera OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "85eec58e-1219-4ae4-9bab-332b2647ea38", "vulnerability": {"vulnId": "CVE-2025-30066", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-18T00:00:00+00:00"}, "gcve": {"object_uuid": "85eec58e-1219-4ae4-9bab-332b2647ea38", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-18T00:00:00Z"}, "scope": {"notes": "KEV entry: tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability | Affected: tj-actions / changed-files GitHub Action | Description: tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading GitHub Actions Workflow Logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens (PATs), npm tokens, and private RSA keys. | Required action: Apply mitigations as set forth in the CISA instructions linked below. Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source project, third-party library, or a protocol used by different products. For more information, please see: CISA Mitigation Instructions: https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-tj-actionschanged-files-cve-2025-30066-and-reviewdogaction ; Additional References: https://github.com/tj-actions/changed-files/blob/45fb12d7a8bedb4da42342e52fe054c6c2c3fd73/README.md?plain=1#L20-L28 ; https://nvd.nist.gov/vuln/detail/CVE-2025-30066"}, "references": [{"id": "CVE-2025-30066", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-30066"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-506"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "changed-files GitHub Action", "due_date": "2025-04-08", "date_added": "2025-03-18", "vendorProject": "tj-actions", "vulnerabilityName": "tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "146a5385-4e44-4def-b59c-70757fa59720", "vulnerability": {"vulnId": "CVE-2025-24472", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-18T00:00:00+00:00"}, "gcve": {"object_uuid": "146a5385-4e44-4def-b59c-70757fa59720", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability | Affected: Fortinet / FortiOS and FortiProxy | Description:  Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that allows a remote attacker to gain super-admin privileges via crafted CSF proxy requests. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-08 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://fortiguard.fortinet.com/psirt/FG-IR-24-535 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24472"}, "references": [{"id": "CVE-2025-24472", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-24472"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiOS and FortiProxy", "due_date": "2025-04-08", "date_added": "2025-03-18", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "f49c7a43-e154-43c6-9df4-c52f7ee2af40", "vulnerability": {"vulnId": "CVE-2025-21590", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-13T00:00:00+00:00"}, "gcve": {"object_uuid": "f49c7a43-e154-43c6-9df4-c52f7ee2af40", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability | Affected: Juniper / Junos OS | Description: Juniper Junos OS contains an improper isolation or compartmentalization vulnerability. This vulnerability could allow a local attacker with high privileges to inject arbitrary code. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://supportportal.juniper.net/s/article/2025-03-Out-of-Cycle-Security-Bulletin-Junos-OS-A-local-attacker-with-shell-access-can-execute-arbitrary-code-CVE-2025-21590?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2025-21590"}, "references": [{"id": "CVE-2025-21590", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-21590"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-653"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Junos OS", "due_date": "2025-04-03", "date_added": "2025-03-13", "vendorProject": "Juniper", "vulnerabilityName": "Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "023bd0aa-592f-431f-88a0-43707b278ca3", "vulnerability": {"vulnId": "CVE-2025-24201", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-13T00:00:00+00:00"}, "gcve": {"object_uuid": "023bd0aa-592f-431f-88a0-43707b278ca3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and other Apple products contain an out-of-bounds write vulnerability in WebKit that may allow maliciously crafted web content to break out of Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/122281 ; https://support.apple.com/en-us/122283 ; https://support.apple.com/en-us/122284 ; https://support.apple.com/en-us/122285 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24201"}, "references": [{"id": "CVE-2025-24201", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-24201"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2025-04-03", "date_added": "2025-03-13", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ddf68efb-2830-427a-923a-9d0b0ba5a524", "vulnerability": {"vulnId": "CVE-2025-24983", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-11T00:00:00+00:00"}, "gcve": {"object_uuid": "ddf68efb-2830-427a-923a-9d0b0ba5a524", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Win32k Use-After-Free Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Win32 Kernel Subsystem contains a use-after-free vulnerability that allows an authorized attacker to elevate privileges locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24983 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24983"}, "references": [{"id": "CVE-2025-24983", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-24983"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-04-01", "date_added": "2025-03-11", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Win32k Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c1ff38ce-8ed7-43f5-aa48-5196e95a7c4a", "vulnerability": {"vulnId": "CVE-2025-24984", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-11T00:00:00+00:00"}, "gcve": {"object_uuid": "c1ff38ce-8ed7-43f5-aa48-5196e95a7c4a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows NTFS Information Disclosure Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows New Technology File System (NTFS) contains an insertion of sensitive Information into log file vulnerability that allows an unauthorized attacker to disclose information with a physical attack. An attacker who successfully exploited this vulnerability could potentially read portions of heap memory. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24984 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24984"}, "references": [{"id": "CVE-2025-24984", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-24984"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-532"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-04-01", "date_added": "2025-03-11", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows NTFS Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "55ef1bb8-3846-473d-b1e1-e28a981f5fcc", "vulnerability": {"vulnId": "CVE-2025-24991", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-11T00:00:00+00:00"}, "gcve": {"object_uuid": "55ef1bb8-3846-473d-b1e1-e28a981f5fcc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows New Technology File System (NTFS) contains an out-of-bounds read vulnerability that allows an authorized attacker to disclose information locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24991 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24991"}, "references": [{"id": "CVE-2025-24991", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-24991"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-125"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-04-01", "date_added": "2025-03-11", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows NTFS Out-Of-Bounds Read Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "69847d76-5b3b-4197-b09f-d08e1faea9c8", "vulnerability": {"vulnId": "CVE-2025-24993", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-11T00:00:00+00:00"}, "gcve": {"object_uuid": "69847d76-5b3b-4197-b09f-d08e1faea9c8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows New Technology File System (NTFS) contains a heap-based buffer overflow vulnerability that allows an unauthorized attacker to execute code locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24993 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24993"}, "references": [{"id": "CVE-2025-24993", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-24993"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-04-01", "date_added": "2025-03-11", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows NTFS Heap-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "aefb3d7a-7d1c-482a-9688-a0d349b15e34", "vulnerability": {"vulnId": "CVE-2025-24985", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-11T00:00:00+00:00"}, "gcve": {"object_uuid": "aefb3d7a-7d1c-482a-9688-a0d349b15e34", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Fast FAT File System Driver contains an integer overflow or wraparound vulnerability that allows an unauthorized attacker to execute code locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-24985 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24985"}, "references": [{"id": "CVE-2025-24985", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-24985"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-190", "CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-04-01", "date_added": "2025-03-11", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Fast FAT File System Driver Integer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2395ac0b-467a-497a-ae42-e6f7579adbb3", "vulnerability": {"vulnId": "CVE-2025-26633", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-11T00:00:00+00:00"}, "gcve": {"object_uuid": "2395ac0b-467a-497a-ae42-e6f7579adbb3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Management Console (MMC) contains an improper neutralization vulnerability that allows an unauthorized attacker to bypass a security feature locally. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-04-01 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-26633 ; https://nvd.nist.gov/vuln/detail/CVE-2025-26633"}, "references": [{"id": "CVE-2025-26633", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-26633"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-707"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-04-01", "date_added": "2025-03-11", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Management Console (MMC) Improper Neutralization Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "089f1172-37ae-4b7d-8899-b42047c5d7c9", "vulnerability": {"vulnId": "CVE-2024-13161", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-10T00:00:00+00:00"}, "gcve": {"object_uuid": "089f1172-37ae-4b7d-8899-b42047c5d7c9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability | Affected: Ivanti / Endpoint Manager (EPM) | Description: Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-31 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-13161"}, "references": [{"id": "CVE-2024-13161", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-13161"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-36"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Endpoint Manager (EPM)", "due_date": "2025-03-31", "date_added": "2025-03-10", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5ef07c26-2bba-4910-bef8-1f992fcb9ec3", "vulnerability": {"vulnId": "CVE-2024-13160", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-10T00:00:00+00:00"}, "gcve": {"object_uuid": "5ef07c26-2bba-4910-bef8-1f992fcb9ec3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability | Affected: Ivanti / Endpoint Manager (EPM) | Description: Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-31 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-13160"}, "references": [{"id": "CVE-2024-13160", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-13160"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-36"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Endpoint Manager (EPM)", "due_date": "2025-03-31", "date_added": "2025-03-10", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9526ad2f-417c-40a4-b280-e546d919a306", "vulnerability": {"vulnId": "CVE-2024-13159", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-10T00:00:00+00:00"}, "gcve": {"object_uuid": "9526ad2f-417c-40a4-b280-e546d919a306", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability | Affected: Ivanti / Endpoint Manager (EPM) | Description: Ivanti Endpoint Manager (EPM) contains an absolute path traversal vulnerability that allows a remote unauthenticated attacker to leak sensitive information. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-31 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-13159"}, "references": [{"id": "CVE-2024-13159", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-13159"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-36"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Endpoint Manager (EPM)", "due_date": "2025-03-31", "date_added": "2025-03-10", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Endpoint Manager (EPM) Absolute Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f9696218-e6b9-452d-865b-9f7ccc6f25bd", "vulnerability": {"vulnId": "CVE-2024-57968", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-10T00:00:00+00:00"}, "gcve": {"object_uuid": "f9696218-e6b9-452d-865b-9f7ccc6f25bd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Advantive VeraCore Unrestricted File Upload Vulnerability | Affected: Advantive / VeraCore | Description: Advantive VeraCore contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload files to unintended folders via upload.apsx. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-31 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://advantive.my.site.com/support/s/article/VeraCore-Release-Notes-2024-4-2-1 ; https://nvd.nist.gov/vuln/detail/CVE-2024-57968"}, "references": [{"id": "CVE-2024-57968", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-57968"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "VeraCore", "due_date": "2025-03-31", "date_added": "2025-03-10", "vendorProject": "Advantive", "vulnerabilityName": "Advantive VeraCore Unrestricted File Upload Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "945ed962-2e0b-46af-a43e-cc92e2d2a8d6", "vulnerability": {"vulnId": "CVE-2025-25181", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-10T00:00:00+00:00"}, "gcve": {"object_uuid": "945ed962-2e0b-46af-a43e-cc92e2d2a8d6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-10T00:00:00Z"}, "scope": {"notes": "KEV entry:  Advantive VeraCore SQL Injection Vulnerability | Affected: Advantive / VeraCore | Description: Advantive VeraCore contains a SQL injection vulnerability in timeoutWarning.asp that allows a remote attacker to execute arbitrary SQL commands via the PmSess1 parameter. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-31 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://advantive.my.site.com/support/s/article/Veracore-Release-Notes-2025-1-1-3 ; https://nvd.nist.gov/vuln/detail/CVE-2025-25181"}, "references": [{"id": "CVE-2025-25181", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-25181"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "VeraCore", "due_date": "2025-03-31", "date_added": "2025-03-10", "vendorProject": "Advantive", "vulnerabilityName": " Advantive VeraCore SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "626a0247-a4dd-4f9b-b76c-16724d814294", "vulnerability": {"vulnId": "CVE-2025-22225", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-04T00:00:00+00:00"}, "gcve": {"object_uuid": "626a0247-a4dd-4f9b-b76c-16724d814294", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-04T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware ESXi Arbitrary Write Vulnerability | Affected: VMware / ESXi | Description: VMware ESXi contains an arbitrary write vulnerability. Successful exploitation allows an attacker with privileges within the VMX process to trigger an arbitrary kernel write leading to an escape of the sandbox. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 ; https://nvd.nist.gov/vuln/detail/CVE-2025-22225"}, "references": [{"id": "CVE-2025-22225", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-22225"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-123"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ESXi", "due_date": "2025-03-25", "date_added": "2025-03-04", "vendorProject": "VMware", "vulnerabilityName": "VMware ESXi Arbitrary Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fc0fc027-1090-4e11-9d90-8cc81af807b8", "vulnerability": {"vulnId": "CVE-2024-50302", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-04T00:00:00+00:00"}, "gcve": {"object_uuid": "fc0fc027-1090-4e11-9d90-8cc81af807b8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Use of Uninitialized Resource Vulnerability | Affected: Linux / Kernel | Description: The Linux kernel contains a use of uninitialized resource vulnerability that allows an attacker to leak kernel memory via a specially crafted HID report. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://lore.kernel.org/linux-cve-announce/2024111908-CVE-2024-50302-f677@gregkh/ ; https://source.android.com/docs/security/bulletin/2025-03-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-50302"}, "references": [{"id": "CVE-2024-50302", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-50302"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-908"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2025-03-25", "date_added": "2025-03-04", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Use of Uninitialized Resource Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "523b3af7-dcab-462b-b7d8-8fab7a2b9464", "vulnerability": {"vulnId": "CVE-2025-22224", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-04T00:00:00+00:00"}, "gcve": {"object_uuid": "523b3af7-dcab-462b-b7d8-8fab7a2b9464", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-04T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware ESXi and Workstation TOCTOU Race Condition Vulnerability | Affected: VMware / ESXi and Workstation | Description: VMware ESXi and Workstation contain a time-of-check time-of-use (TOCTOU) race condition vulnerability that leads to an out-of-bounds write. Successful exploitation enables an attacker with local administrative privileges on a virtual machine to execute code as the virtual machine's VMX process running on the host. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 ; https://nvd.nist.gov/vuln/detail/CVE-2025-22224"}, "references": [{"id": "CVE-2025-22224", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-22224"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-367"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ESXi and Workstation", "due_date": "2025-03-25", "date_added": "2025-03-04", "vendorProject": "VMware", "vulnerabilityName": "VMware ESXi and Workstation TOCTOU Race Condition Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "cb120960-09b2-467e-9f33-3f43b7f14a49", "vulnerability": {"vulnId": "CVE-2025-22226", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-04T00:00:00+00:00"}, "gcve": {"object_uuid": "cb120960-09b2-467e-9f33-3f43b7f14a49", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-04T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability | Affected: VMware / ESXi, Workstation, and Fusion | Description: VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability due to an out-of-bounds read in HGFS. Successful exploitation allows an attacker with administrative privileges to a virtual machine to leak memory from the vmx process. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390 ; https://nvd.nist.gov/vuln/detail/CVE-2025-22226"}, "references": [{"id": "CVE-2025-22226", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-22226"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-125"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ESXi, Workstation, and Fusion", "due_date": "2025-03-25", "date_added": "2025-03-04", "vendorProject": "VMware", "vulnerabilityName": "VMware ESXi, Workstation, and Fusion Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "aef35cd6-09c1-46ef-acbc-65df705001b1", "vulnerability": {"vulnId": "CVE-2024-4885", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "aef35cd6-09c1-46ef-acbc-65df705001b1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Progress WhatsUp Gold Path Traversal Vulnerability | Affected: Progress / WhatsUp Gold | Description: Progress WhatsUp Gold contains a path traversal vulnerability that allows an unauthenticated attacker to achieve remote code execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-June-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-4885"}, "references": [{"id": "CVE-2024-4885", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-4885"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WhatsUp Gold", "due_date": "2025-03-24", "date_added": "2025-03-03", "vendorProject": "Progress", "vulnerabilityName": "Progress WhatsUp Gold Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "aba4b997-7dab-4307-9987-69f8886a89d0", "vulnerability": {"vulnId": "CVE-2023-20118", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "aba4b997-7dab-4307-9987-69f8886a89d0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Small Business RV Series Routers Command Injection Vulnerability | Affected: Cisco / Small Business RV Series Routers | Description: Multiple Cisco Small Business RV Series Routers contains a command injection vulnerability in the web-based management interface. Successful exploitation could allow an authenticated, remote attacker to gain root-level privileges and access unauthorized data. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5 ; https://nvd.nist.gov/vuln/detail/CVE-2023-20118"}, "references": [{"id": "CVE-2023-20118", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-20118"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Small Business RV Series Routers", "due_date": "2025-03-24", "date_added": "2025-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Small Business RV Series Routers Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1c42a44c-4cfe-4ef7-a19b-7fd8175999b3", "vulnerability": {"vulnId": "CVE-2022-43769", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1c42a44c-4cfe-4ef7-a19b-7fd8175999b3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability | Affected: Hitachi Vantara / Pentaho Business Analytics (BA) Server | Description: Hitachi Vantara Pentaho BA Server contains a special element injection vulnerability that allows an attacker to inject Spring templates into properties files, allowing for arbitrary command execution. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.pentaho.com/hc/en-us/articles/14455561548301--Resolved-Pentaho-BA-Server-Failure-to-Sanitize-Special-Elements-into-a-Different-Plane-Special-Element-Injection-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43769 ; https://nvd.nist.gov/vuln/detail/CVE-2022-43769"}, "references": [{"id": "CVE-2022-43769", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-43769"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-74"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Pentaho Business Analytics (BA) Server", "due_date": "2025-03-24", "date_added": "2025-03-03", "vendorProject": "Hitachi Vantara", "vulnerabilityName": "Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2a849a17-b15c-490a-a389-40aad317cc05", "vulnerability": {"vulnId": "CVE-2022-43939", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2a849a17-b15c-490a-a389-40aad317cc05", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability | Affected: Hitachi Vantara / Pentaho Business Analytics (BA) Server | Description: Hitachi Vantara Pentaho BA Server contains a use of non-canonical URL paths for authorization decisions vulnerability that enables an attacker to bypass authorization. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.pentaho.com/hc/en-us/articles/14455394120333--Resolved-Pentaho-BA-Server-Use-of-Non-Canonical-URL-Paths-for-Authorization-Decisions-Versions-before-9-4-0-1-and-9-3-0-2-including-8-3-x-Impacted-CVE-2022-43939- ; https://nvd.nist.gov/vuln/detail/CVE-2022-43939"}, "references": [{"id": "CVE-2022-43939", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-43939"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-647"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Pentaho Business Analytics (BA) Server", "due_date": "2025-03-24", "date_added": "2025-03-03", "vendorProject": "Hitachi Vantara", "vulnerabilityName": "Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2e2b8877-982f-4737-9dcb-d0caa824a8de", "vulnerability": {"vulnId": "CVE-2018-8639", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2e2b8877-982f-4737-9dcb-d0caa824a8de", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Win32k contains an improper resource shutdown or release vulnerability that allows for local, authenticated privilege escalation. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-24 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2018-8639 ; https://nvd.nist.gov/vuln/detail/CVE-2018-8639"}, "references": [{"id": "CVE-2018-8639", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8639"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-404"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-03-24", "date_added": "2025-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "224a28d7-5d4e-41b1-bad3-2f6cfbce6885", "vulnerability": {"vulnId": "CVE-2023-34192", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-25T00:00:00+00:00"}, "gcve": {"object_uuid": "224a28d7-5d4e-41b1-bad3-2f6cfbce6885", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | Affected: Synacor / Zimbra Collaboration Suite (ZCS) | Description: Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability that allows a remote authenticated attacker to execute arbitrary code via a crafted script to the /h/autoSaveDraft function. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2023-34192"}, "references": [{"id": "CVE-2023-34192", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-34192"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Zimbra Collaboration Suite (ZCS)", "due_date": "2025-03-18", "date_added": "2025-02-25", "vendorProject": "Synacor", "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "76b20bc8-c137-4a50-b057-b8c9f0aaba9e", "vulnerability": {"vulnId": "CVE-2024-49035", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-25T00:00:00+00:00"}, "gcve": {"object_uuid": "76b20bc8-c137-4a50-b057-b8c9f0aaba9e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Partner Center Improper Access Control Vulnerability | Affected: Microsoft / Partner Center | Description: Microsoft Partner Center contains an improper access control vulnerability that allows an attacker to escalate privileges. | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49035 ; https://nvd.nist.gov/vuln/detail/CVE-2024-49035"}, "references": [{"id": "CVE-2024-49035", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-49035"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Partner Center", "due_date": "2025-03-18", "date_added": "2025-02-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Partner Center Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1c90cdc8-4615-4751-8b6b-6f55ed643d9a", "vulnerability": {"vulnId": "CVE-2017-3066", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-24T00:00:00+00:00"}, "gcve": {"object_uuid": "1c90cdc8-4615-4751-8b6b-6f55ed643d9a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe ColdFusion Deserialization Vulnerability | Affected: Adobe / ColdFusion | Description: Adobe ColdFusion contains a deserialization vulnerability in the Apache BlazeDS library that allows for arbitrary code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html ; https://nvd.nist.gov/vuln/detail/CVE-2017-3066"}, "references": [{"id": "CVE-2017-3066", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-3066"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ColdFusion", "due_date": "2025-03-17", "date_added": "2025-02-24", "vendorProject": "Adobe", "vulnerabilityName": "Adobe ColdFusion Deserialization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6ad9a160-74b1-40e9-b37f-0244e4d394e7", "vulnerability": {"vulnId": "CVE-2024-20953", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-24T00:00:00+00:00"}, "gcve": {"object_uuid": "6ad9a160-74b1-40e9-b37f-0244e4d394e7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability | Affected: Oracle / Agile Product Lifecycle Management (PLM) | Description: Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.oracle.com/security-alerts/cpujan2024.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-20953"}, "references": [{"id": "CVE-2024-20953", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-20953"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Agile Product Lifecycle Management (PLM)", "due_date": "2025-03-17", "date_added": "2025-02-24", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d73d14b1-9e71-454c-bf76-05a05418a0ec", "vulnerability": {"vulnId": "CVE-2025-24989", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-21T00:00:00+00:00"}, "gcve": {"object_uuid": "d73d14b1-9e71-454c-bf76-05a05418a0ec", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Power Pages Improper Access Control Vulnerability | Affected: Microsoft / Power Pages | Description: Microsoft Power Pages contains an improper access control vulnerability that allows an unauthorized attacker to elevate privileges over a network potentially bypassing the user registration control. | Required action: Apply mitigations per vendor instructions, follow BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2025-24989 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24989"}, "references": [{"id": "CVE-2025-24989", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-24989"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Power Pages", "due_date": "2025-03-14", "date_added": "2025-02-21", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Power Pages Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e12c1d01-e4fa-40b2-8c4a-75d87af82ab6", "vulnerability": {"vulnId": "CVE-2025-0111", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-20T00:00:00+00:00"}, "gcve": {"object_uuid": "e12c1d01-e4fa-40b2-8c4a-75d87af82ab6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-20T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-20T00:00:00Z"}, "scope": {"notes": "KEV entry: Palo Alto Networks PAN-OS File Read Vulnerability | Affected: Palo Alto Networks / PAN-OS | Description: Palo Alto Networks PAN-OS contains an external control of file name or path vulnerability. Successful exploitation enables an authenticated attacker with network access to the management web interface to read files on the PAN-OS filesystem that are readable by the \u201cnobody\u201d user. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.paloaltonetworks.com/CVE-2025-0111 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0111"}, "references": [{"id": "CVE-2025-0111", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-0111"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-73"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PAN-OS", "due_date": "2025-03-13", "date_added": "2025-02-20", "vendorProject": "Palo Alto Networks", "vulnerabilityName": "Palo Alto Networks PAN-OS File Read Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bf56ebb5-0a5a-41a0-97c0-cec1806b3cba", "vulnerability": {"vulnId": "CVE-2025-23209", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-20T00:00:00+00:00"}, "gcve": {"object_uuid": "bf56ebb5-0a5a-41a0-97c0-cec1806b3cba", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-20T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-20T00:00:00Z"}, "scope": {"notes": "KEV entry: Craft CMS Code Injection Vulnerability | Affected: Craft CMS / Craft CMS | Description: Craft CMS contains a code injection vulnerability caused by improper validation of the database backup path, ultimately enabling remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/craftcms/cms/security/advisories/GHSA-x684-96hh-833x ; https://nvd.nist.gov/vuln/detail/CVE-2025-23209"}, "references": [{"id": "CVE-2025-23209", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-23209"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Craft CMS", "due_date": "2025-03-13", "date_added": "2025-02-20", "vendorProject": "Craft CMS", "vulnerabilityName": "Craft CMS Code Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3df6d863-187b-46f5-b13a-70aa1a89f047", "vulnerability": {"vulnId": "CVE-2025-0108", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-18T00:00:00+00:00"}, "gcve": {"object_uuid": "3df6d863-187b-46f5-b13a-70aa1a89f047", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability | Affected: Palo Alto Networks / PAN-OS | Description: Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in its management web interface. This vulnerability allows an unauthenticated attacker with network access to the management web interface to bypass the authentication normally required and invoke certain PHP scripts. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-11 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.paloaltonetworks.com/CVE-2025-0108 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0108"}, "references": [{"id": "CVE-2025-0108", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-0108"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PAN-OS", "due_date": "2025-03-11", "date_added": "2025-02-18", "vendorProject": "Palo Alto Networks", "vulnerabilityName": "Palo Alto Networks PAN-OS Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fd3c35bb-67ab-41ed-886a-27d46a940afd", "vulnerability": {"vulnId": "CVE-2024-53704", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-18T00:00:00+00:00"}, "gcve": {"object_uuid": "fd3c35bb-67ab-41ed-886a-27d46a940afd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-18T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall SonicOS SSLVPN Improper Authentication Vulnerability | Affected: SonicWall / SonicOS | Description: SonicWall SonicOS contains an improper authentication vulnerability in the SSLVPN authentication mechanism that allows a remote attacker to bypass authentication. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-11 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003 ; https://nvd.nist.gov/vuln/detail/CVE-2024-53704"}, "references": [{"id": "CVE-2024-53704", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-53704"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SonicOS", "due_date": "2025-03-11", "date_added": "2025-02-18", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall SonicOS SSLVPN Improper Authentication Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "637b0151-7750-4761-9adb-bf66c23430ad", "vulnerability": {"vulnId": "CVE-2024-57727", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "637b0151-7750-4761-9adb-bf66c23430ad", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-13T00:00:00Z"}, "scope": {"notes": "KEV entry: SimpleHelp Path Traversal Vulnerability | Affected: SimpleHelp  / SimpleHelp | Description: SimpleHelp remote support software contains multiple path traversal vulnerabilities that allow unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files may include server configuration files and hashed user passwords. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-06 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://simple-help.com/kb---security-vulnerabilities-01-2025 ; Additional CISA Mitigation Instructions: https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-163a ; https://nvd.nist.gov/vuln/detail/CVE-2024-57727"}, "references": [{"id": "CVE-2024-57727", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-57727"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SimpleHelp", "due_date": "2025-03-06", "date_added": "2025-02-13", "vendorProject": "SimpleHelp ", "vulnerabilityName": "SimpleHelp Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "90452e6d-4365-4ec3-a2b6-79dbdbc5575a", "vulnerability": {"vulnId": "CVE-2024-41710", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-12T00:00:00+00:00"}, "gcve": {"object_uuid": "90452e6d-4365-4ec3-a2b6-79dbdbc5575a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Mitel SIP Phones Argument Injection Vulnerability | Affected: Mitel / SIP Phones | Description: Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, contain an argument injection vulnerability due to insufficient parameter sanitization during the boot process. Successful exploitation may allow an attacker to execute arbitrary commands within the context of the system. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.mitel.com/-/media/mitel/file/pdf/support/security-advisories/security-bulletin_24-0019-001-v2.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2024-41710"}, "references": [{"id": "CVE-2024-41710", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-41710"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-88"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SIP Phones", "due_date": "2025-03-05", "date_added": "2025-02-12", "vendorProject": "Mitel", "vulnerabilityName": "Mitel SIP Phones Argument Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "cd40ce47-4ee5-4999-88b8-1efc48026514", "vulnerability": {"vulnId": "CVE-2025-24200", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-12T00:00:00+00:00"}, "gcve": {"object_uuid": "cd40ce47-4ee5-4999-88b8-1efc48026514", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS and iPadOS Incorrect Authorization Vulnerability | Affected: Apple / iOS and iPadOS | Description: Apple iOS and iPadOS contains an incorrect authorization vulnerability that allows a physical attacker to disable USB Restricted Mode on a locked device. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/122173 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24200"}, "references": [{"id": "CVE-2025-24200", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-24200"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-863"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS and iPadOS", "due_date": "2025-03-05", "date_added": "2025-02-12", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS and iPadOS Incorrect Authorization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "987ef681-cfb2-4843-adf1-57fcda547fa0", "vulnerability": {"vulnId": "CVE-2025-21418", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-11T00:00:00+00:00"}, "gcve": {"object_uuid": "987ef681-cfb2-4843-adf1-57fcda547fa0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Ancillary Function Driver for WinSock contains a heap-based buffer overflow vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21418"}, "references": [{"id": "CVE-2025-21418", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-21418"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-03-04", "date_added": "2025-02-11", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Ancillary Function Driver for WinSock Heap-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a14d77b2-dbb0-4eeb-b0fa-92c43c60cca3", "vulnerability": {"vulnId": "CVE-2024-40890", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-11T00:00:00+00:00"}, "gcve": {"object_uuid": "a14d77b2-dbb0-4eeb-b0fa-92c43c60cca3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Zyxel DSL CPE OS Command Injection Vulnerability | Affected: Zyxel / DSL CPE Devices | Description: Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the CGI program that could allow an authenticated attacker to execute OS commands via a crafted HTTP request. | Required action: The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable. | Due date: 2025-03-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 ; https://www.zyxel.com/service-provider/global/en/security-advisories/zyxel-security-advisory-command-injection-insecure-in-certain-legacy-dsl-cpe-02-04-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40890"}, "references": [{"id": "CVE-2024-40890", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-40890"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DSL CPE Devices", "due_date": "2025-03-04", "date_added": "2025-02-11", "vendorProject": "Zyxel", "vulnerabilityName": "Zyxel DSL CPE OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1606a67b-330c-44dc-b00a-8237c470c2a6", "vulnerability": {"vulnId": "CVE-2024-40891", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-11T00:00:00+00:00"}, "gcve": {"object_uuid": "1606a67b-330c-44dc-b00a-8237c470c2a6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Zyxel DSL CPE OS Command Injection Vulnerability | Affected: Zyxel / DSL CPE Devices | Description: Multiple Zyxel DSL CPE devices contain a post-authentication command injection vulnerability in the management commands that could allow an authenticated attacker to execute OS commands via Telnet. | Required action: The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable. | Due date: 2025-03-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-and-insecure-default-credentials-vulnerabilities-in-certain-legacy-dsl-cpe-02-04-2025 ; https://www.zyxel.com/service-provider/global/en/security-advisories/zyxel-security-advisory-command-injection-insecure-in-certain-legacy-dsl-cpe-02-04-2025 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40891"}, "references": [{"id": "CVE-2024-40891", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-40891"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DSL CPE Devices", "due_date": "2025-03-04", "date_added": "2025-02-11", "vendorProject": "Zyxel", "vulnerabilityName": "Zyxel DSL CPE OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d319f2c3-f296-4a74-907e-272219dae38a", "vulnerability": {"vulnId": "CVE-2025-21391", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-11T00:00:00+00:00"}, "gcve": {"object_uuid": "d319f2c3-f296-4a74-907e-272219dae38a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Storage Link Following Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Storage contains a link following vulnerability that could allow for privilege escalation. This vulnerability could allow an attacker to delete data including data that results in the service being unavailable. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-03-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21391 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21391"}, "references": [{"id": "CVE-2025-21391", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-21391"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-59"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-03-04", "date_added": "2025-02-11", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Storage Link Following Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5d973e59-7467-42c2-9193-2431220a0d5a", "vulnerability": {"vulnId": "CVE-2025-0994", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-07T00:00:00+00:00"}, "gcve": {"object_uuid": "5d973e59-7467-42c2-9193-2431220a0d5a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Trimble Cityworks Deserialization Vulnerability | Affected: Trimble / Cityworks | Description: Trimble Cityworks contains a deserialization vulnerability. This could allow an authenticated user to perform a remote code execution attack against a customer's Microsoft Internet Information Services (IIS) web server. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://learn.assetlifecycle.trimble.com/i/1532182-cityworks-customer-communication-2025-02-05-docx/0?; https://www.cisa.gov/news-events/ics-advisories/icsa-25-037-04 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0994"}, "references": [{"id": "CVE-2025-0994", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-0994"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Cityworks", "due_date": "2025-02-28", "date_added": "2025-02-07", "vendorProject": "Trimble", "vulnerabilityName": "Trimble Cityworks Deserialization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6c3abe9e-5757-4507-9c07-09b53fa26903", "vulnerability": {"vulnId": "CVE-2025-0411", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-06T00:00:00+00:00"}, "gcve": {"object_uuid": "6c3abe9e-5757-4507-9c07-09b53fa26903", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-06T00:00:00Z"}, "scope": {"notes": "KEV entry: 7-Zip Mark of the Web Bypass Vulnerability | Affected: 7-Zip / 7-Zip | Description: 7-Zip contains a protection mechanism failure vulnerability that allows remote attackers to bypass the Mark-of-the-Web security feature to execute arbitrary code in the context of the current user. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.7-zip.org/history.txt ; https://nvd.nist.gov/vuln/detail/CVE-2025-0411"}, "references": [{"id": "CVE-2025-0411", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-0411"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-693"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "7-Zip", "due_date": "2025-02-27", "date_added": "2025-02-06", "vendorProject": "7-Zip", "vulnerabilityName": "7-Zip Mark of the Web Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0c83c80e-ef10-4de5-9187-6a80987e0072", "vulnerability": {"vulnId": "CVE-2020-29574", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-06T00:00:00+00:00"}, "gcve": {"object_uuid": "0c83c80e-ef10-4de5-9187-6a80987e0072", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-06T00:00:00Z"}, "scope": {"notes": "KEV entry: CyberoamOS (CROS) SQL Injection Vulnerability | Affected: Sophos / CyberoamOS | Description: CyberoamOS (CROS) contains a SQL injection vulnerability in the WebAdmin that allows an unauthenticated attacker to execute arbitrary SQL statements remotely. | Required action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product. | Due date: 2025-02-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.sophos.com/support/s/article/KBA-000007526 ; https://nvd.nist.gov/vuln/detail/CVE-2020-29574"}, "references": [{"id": "CVE-2020-29574", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-29574"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "CyberoamOS", "due_date": "2025-02-27", "date_added": "2025-02-06", "vendorProject": "Sophos", "vulnerabilityName": "CyberoamOS (CROS) SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "418bec9f-15f5-4538-9002-36683e159d0d", "vulnerability": {"vulnId": "CVE-2022-23748", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-06T00:00:00+00:00"}, "gcve": {"object_uuid": "418bec9f-15f5-4538-9002-36683e159d0d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-06T00:00:00Z"}, "scope": {"notes": "KEV entry: Dante Discovery Process Control Vulnerability | Affected: Audinate / Dante Discovery | Description: Dante Discovery contains a process control vulnerability in mDNSResponder.exe that allows for a DLL sideloading attack. A local attacker can leverage this vulnerability in the Dante Application Library to execute arbitrary code. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.getdante.com/support/faq/audinate-response-to-dante-discovery-mdnsresponder-exe-security-issue-cve-2022-23748/ ; https://nvd.nist.gov/vuln/detail/CVE-2022-23748"}, "references": [{"id": "CVE-2022-23748", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-23748"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-114"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Dante Discovery", "due_date": "2025-02-27", "date_added": "2025-02-06", "vendorProject": "Audinate", "vulnerabilityName": "Dante Discovery Process Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b369e4ab-7968-4633-8855-4d0fd59f9808", "vulnerability": {"vulnId": "CVE-2020-15069", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-06T00:00:00+00:00"}, "gcve": {"object_uuid": "b369e4ab-7968-4633-8855-4d0fd59f9808", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-06T00:00:00Z"}, "scope": {"notes": "KEV entry: Sophos XG Firewall Buffer Overflow Vulnerability | Affected: Sophos / XG Firewall | Description: Sophos XG Firewall contains a buffer overflow vulnerability that allows for remote code execution via the \"HTTP/S bookmark\" feature. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://community.sophos.com/b/security-blog/posts/advisory-buffer-overflow-vulnerability-in-user-portal ; https://nvd.nist.gov/vuln/detail/CVE-2020-15069"}, "references": [{"id": "CVE-2020-15069", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-15069"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-120"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "XG Firewall", "due_date": "2025-02-27", "date_added": "2025-02-06", "vendorProject": "Sophos", "vulnerabilityName": "Sophos XG Firewall Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a6344a54-a1fe-4f8b-bb1b-e65d104af44e", "vulnerability": {"vulnId": "CVE-2024-21413", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-06T00:00:00+00:00"}, "gcve": {"object_uuid": "a6344a54-a1fe-4f8b-bb1b-e65d104af44e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-06T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Outlook Improper Input Validation Vulnerability | Affected: Microsoft / Office Outlook | Description: Microsoft Outlook contains an improper input validation vulnerability that allows for remote code execution. Successful exploitation of this vulnerability would allow an attacker to bypass the Office Protected View and open in editing mode rather than protected mode. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413 ; https://nvd.nist.gov/vuln/detail/CVE-2024-21413"}, "references": [{"id": "CVE-2024-21413", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-21413"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office Outlook", "due_date": "2025-02-27", "date_added": "2025-02-06", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Outlook Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7aa39bae-2dcb-401a-b9da-b9d1d8b9cda4", "vulnerability": {"vulnId": "CVE-2024-53104", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-05T00:00:00+00:00"}, "gcve": {"object_uuid": "7aa39bae-2dcb-401a-b9da-b9d1d8b9cda4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Out-of-Bounds Write Vulnerability | Affected: Linux / Kernel | Description: Linux kernel contains an out-of-bounds write vulnerability in the uvc_parse_streaming component of the USB Video Class (UVC) driver that could allow for physical escalation of privilege. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://lore.kernel.org/linux-cve-announce/2024120232-CVE-2024-53104-d781@gregkh/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-53104"}, "references": [{"id": "CVE-2024-53104", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-53104"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2025-02-26", "date_added": "2025-02-05", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "150c2734-a97e-4215-8aa6-8ca18b33b5b6", "vulnerability": {"vulnId": "CVE-2018-19410", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-04T00:00:00+00:00"}, "gcve": {"object_uuid": "150c2734-a97e-4215-8aa6-8ca18b33b5b6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Paessler PRTG Network Monitor Local File Inclusion Vulnerability | Affected: Paessler / PRTG Network Monitor | Description: Paessler PRTG Network Monitor contains a local file inclusion vulnerability that allows a remote, unauthenticated attacker to create users with read-write privileges (including administrator). | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.paessler.com/prtg/history/prtg-18#18.2.41.1652 ; https://nvd.nist.gov/vuln/detail/CVE-2018-19410"}, "references": [{"id": "CVE-2018-19410", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-19410"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PRTG Network Monitor", "due_date": "2025-02-25", "date_added": "2025-02-04", "vendorProject": "Paessler", "vulnerabilityName": "Paessler PRTG Network Monitor Local File Inclusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fe763d87-d33e-472f-9eb3-7963cdd06033", "vulnerability": {"vulnId": "CVE-2024-45195", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-04T00:00:00+00:00"}, "gcve": {"object_uuid": "fe763d87-d33e-472f-9eb3-7963cdd06033", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache OFBiz Forced Browsing Vulnerability | Affected: Apache / OFBiz | Description: Apache OFBiz contains a forced browsing vulnerability that allows a remote attacker to obtain unauthorized access. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://ofbiz.apache.org/security.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-45195"}, "references": [{"id": "CVE-2024-45195", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-45195"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-425"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "OFBiz", "due_date": "2025-02-25", "date_added": "2025-02-04", "vendorProject": "Apache", "vulnerabilityName": "Apache OFBiz Forced Browsing Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "124720e9-3e8b-4ea1-94a5-8763c8d350e8", "vulnerability": {"vulnId": "CVE-2024-29059", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-04T00:00:00+00:00"}, "gcve": {"object_uuid": "124720e9-3e8b-4ea1-94a5-8763c8d350e8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft .NET Framework Information Disclosure Vulnerability | Affected: Microsoft / .NET Framework | Description: Microsoft .NET Framework contains an information disclosure vulnerability that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29059"}, "references": [{"id": "CVE-2024-29059", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-29059"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-209"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": ".NET Framework", "due_date": "2025-02-25", "date_added": "2025-02-04", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft .NET Framework Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ccba759b-1503-4b31-a61c-edcdf3ca5da5", "vulnerability": {"vulnId": "CVE-2018-9276", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-02-04T00:00:00+00:00"}, "gcve": {"object_uuid": "ccba759b-1503-4b31-a61c-edcdf3ca5da5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-02-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-02-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Paessler PRTG Network Monitor OS Command Injection Vulnerability | Affected: Paessler / PRTG Network Monitor | Description: Paessler PRTG Network Monitor contains an OS command injection vulnerability that allows an attacker with administrative privileges to execute commands via the PRTG System Administrator web console. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.paessler.com/prtg/history/prtg-18#18.2.39 ; https://nvd.nist.gov/vuln/detail/CVE-2018-9276"}, "references": [{"id": "CVE-2018-9276", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-9276"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PRTG Network Monitor", "due_date": "2025-02-25", "date_added": "2025-02-04", "vendorProject": "Paessler", "vulnerabilityName": "Paessler PRTG Network Monitor OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0034443a-4bc5-409a-b7e8-9b8a219fa7a9", "vulnerability": {"vulnId": "CVE-2025-24085", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-29T00:00:00+00:00"}, "gcve": {"object_uuid": "0034443a-4bc5-409a-b7e8-9b8a219fa7a9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-01-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Use-After-Free Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, macOS, and other Apple products contain a use-after-free vulnerability that could allow a malicious application to elevate privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/122066 ; https://support.apple.com/en-us/122068 ; https://support.apple.com/en-us/122071 ; https://support.apple.com/en-us/122072 ; https://support.apple.com/en-us/122073 ; https://nvd.nist.gov/vuln/detail/CVE-2025-24085"}, "references": [{"id": "CVE-2025-24085", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-24085"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2025-02-19", "date_added": "2025-01-29", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c3177c82-2575-464a-90aa-e8884f2eceb9", "vulnerability": {"vulnId": "CVE-2025-23006", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-24T00:00:00+00:00"}, "gcve": {"object_uuid": "c3177c82-2575-464a-90aa-e8884f2eceb9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-01-24T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall SMA1000 Appliances Deserialization Vulnerability | Affected: SonicWall / SMA1000 Appliances | Description: SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) contain a deserialization of untrusted data vulnerability, which can enable a remote, unauthenticated attacker to execute arbitrary OS commands. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 ; https://nvd.nist.gov/vuln/detail/CVE-2025-23006"}, "references": [{"id": "CVE-2025-23006", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-23006"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SMA1000 Appliances", "due_date": "2025-02-14", "date_added": "2025-01-24", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall SMA1000 Appliances Deserialization Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "8eb55525-535b-41c6-8658-b0826a8afda6", "vulnerability": {"vulnId": "CVE-2020-11023", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "8eb55525-535b-41c6-8658-b0826a8afda6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-01-23T00:00:00Z"}, "scope": {"notes": "KEV entry: JQuery Cross-Site Scripting (XSS) Vulnerability | Affected: JQuery / JQuery | Description: JQuery contains a persistent cross-site scripting (XSS) vulnerability. When passing maliciously formed, untrusted input enclosed in HTML tags, JQuery's DOM manipulators can execute untrusted code in the context of the user's browser. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability could affect an open-source component, third-party library, protocol, or proprietary implementation that could be used by different products. 
For more information, please see: https://github.com/jquery/jquery/security/advisories/GHSA-jpcq-cgw6-v4j6 ; https://blog.jquery.com/2020/04/10/jquery-3-5-0-released/ ; https://nvd.nist.gov/vuln/detail/CVE-2020-11023"}, "references": [{"id": "CVE-2020-11023", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-11023"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "JQuery", "due_date": "2025-02-13", "date_added": "2025-01-23", "vendorProject": "JQuery", "vulnerabilityName": "JQuery Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "df718c0f-7da1-4ecc-81fb-20cd741e415b", "vulnerability": {"vulnId": "CVE-2024-50603", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-16T00:00:00+00:00"}, "gcve": {"object_uuid": "df718c0f-7da1-4ecc-81fb-20cd741e415b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-01-16T00:00:00Z"}, "scope": {"notes": "KEV entry: Aviatrix Controllers OS Command Injection Vulnerability | Affected: Aviatrix / Controllers | Description: Aviatrix Controllers contain an OS command injection vulnerability that could allow an unauthenticated attacker to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://docs.aviatrix.com/documentation/latest/release-notices/psirt-advisories/psirt-advisories.html?expand=true ; https://nvd.nist.gov/vuln/detail/CVE-2024-50603"}, "references": [{"id": "CVE-2024-50603", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-50603"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Controllers", "due_date": "2025-02-06", "date_added": "2025-01-16", "vendorProject": "Aviatrix", "vulnerabilityName": "Aviatrix Controllers OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f575a741-4f4b-4fa8-8c2a-16b77aa96d0d", "vulnerability": {"vulnId": "CVE-2025-21335", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "f575a741-4f4b-4fa8-8c2a-16b77aa96d0d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-01-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21335 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21335"}, "references": [{"id": "CVE-2025-21335", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-21335"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-02-04", "date_added": "2025-01-14", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "257e0f77-a2fb-47f8-ad1a-44c244191444", "vulnerability": {"vulnId": "CVE-2025-21333", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "257e0f77-a2fb-47f8-ad1a-44c244191444", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-01-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Hyper-V NT Kernel Integration VSP contains a heap-based buffer overflow vulnerability that allows a local attacker to gain SYSTEM privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21333 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21333"}, "references": [{"id": "CVE-2025-21333", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-21333"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-02-04", "date_added": "2025-01-14", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Hyper-V NT Kernel Integration VSP Heap-based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "de893410-bd8d-49bf-933d-6b29c6283ee5", "vulnerability": {"vulnId": "CVE-2024-55591", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "de893410-bd8d-49bf-933d-6b29c6283ee5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-01-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability | Affected: Fortinet / FortiOS and FortiProxy | Description: Fortinet FortiOS and FortiProxy contain an authentication bypass vulnerability that may allow an unauthenticated, remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-01-21 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://fortiguard.fortinet.com/psirt/FG-IR-24-535 ; https://nvd.nist.gov/vuln/detail/CVE-2024-55591"}, "references": [{"id": "CVE-2024-55591", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-55591"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiOS and FortiProxy", "due_date": "2025-01-21", "date_added": "2025-01-14", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "ade48aa4-439a-4b34-885b-4885e084f635", "vulnerability": {"vulnId": "CVE-2025-21334", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-14T00:00:00+00:00"}, "gcve": {"object_uuid": "ade48aa4-439a-4b34-885b-4885e084f635", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-01-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Hyper-V NT Kernel Integration VSP contains a use-after-free vulnerability that allows a local attacker to gain SYSTEM privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2025-21334 ; https://nvd.nist.gov/vuln/detail/CVE-2025-21334"}, "references": [{"id": "CVE-2025-21334", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-21334"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-02-04", "date_added": "2025-01-14", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Hyper-V NT Kernel Integration VSP Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "19c6acfb-6c90-4513-9e47-7d19fa8e81de", "vulnerability": {"vulnId": "CVE-2023-48365", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-13T00:00:00+00:00"}, "gcve": {"object_uuid": "19c6acfb-6c90-4513-9e47-7d19fa8e81de", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-01-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Qlik Sense HTTP Tunneling Vulnerability | Affected: Qlik / Sense | Description: Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-02-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510 ; https://nvd.nist.gov/vuln/detail/CVE-2023-48365"}, "references": [{"id": "CVE-2023-48365", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-48365"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-444"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Sense", "due_date": "2025-02-03", "date_added": "2025-01-13", "vendorProject": "Qlik", "vulnerabilityName": "Qlik Sense HTTP Tunneling Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "3f184bde-7860-499f-b179-471a2efc40de", "vulnerability": {"vulnId": "CVE-2024-12686", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-13T00:00:00+00:00"}, "gcve": {"object_uuid": "3f184bde-7860-499f-b179-471a2efc40de", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-01-13T00:00:00Z"}, "scope": {"notes": "KEV entry: BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability | Affected: BeyondTrust / Privileged Remote Access (PRA) and Remote Support (RS) | Description: BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain an OS command injection vulnerability that can be exploited by an attacker with existing administrative privileges to upload a malicious file. Successful exploitation of this vulnerability can allow a remote attacker to execute underlying operating system commands within the context of the site user. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. 
| Due date: 2025-02-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.beyondtrust.com/trust-center/security-advisories/bt24-11 ; https://nvd.nist.gov/vuln/detail/CVE-2024-12686"}, "references": [{"id": "CVE-2024-12686", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-12686"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Privileged Remote Access (PRA) and Remote Support (RS)", "due_date": "2025-02-03", "date_added": "2025-01-13", "vendorProject": "BeyondTrust", "vulnerabilityName": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fb1548ba-92ce-4eda-8cc5-38d5c34f26ad", "vulnerability": {"vulnId": "CVE-2025-0282", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-08T00:00:00+00:00"}, "gcve": {"object_uuid": "fb1548ba-92ce-4eda-8cc5-38d5c34f26ad", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-01-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability | Affected: Ivanti / Connect Secure, Policy Secure, and ZTA Gateways | Description: Ivanti Connect Secure, Policy Secure, and ZTA Gateways contain a stack-based buffer overflow which can lead to unauthenticated remote code execution. | Required action: Apply mitigations as set forth in the CISA instructions linked below to include conducting hunt activities, taking remediation actions if applicable, and applying updates prior to returning a device to service. 
| Due date: 2025-01-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): CISA Mitigation Instructions: https://www.cisa.gov/cisa-mitigation-instructions-CVE-2025-0282 Additional References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Connect-Secure-Policy-Secure-ZTA-Gateways-CVE-2025-0282-CVE-2025-0283 ; https://nvd.nist.gov/vuln/detail/CVE-2025-0282"}, "references": [{"id": "CVE-2025-0282", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2025-0282"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-121"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Connect Secure, Policy Secure, and ZTA Gateways", "due_date": "2025-01-15", "date_added": "2025-01-08", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Connect Secure, Policy Secure, and ZTA Gateways Stack-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "554f9393-3cf5-4347-8b83-ea23fac5b5f8", "vulnerability": {"vulnId": "CVE-2020-2883", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-07T00:00:00+00:00"}, "gcve": {"object_uuid": "554f9393-3cf5-4347-8b83-ea23fac5b5f8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-01-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle WebLogic Server Unspecified Vulnerability | Affected: Oracle / WebLogic Server | Description: Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-01-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.oracle.com/security-alerts/cpuapr2020.html ; https://nvd.nist.gov/vuln/detail/CVE-2020-2883"}, "references": [{"id": "CVE-2020-2883", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-2883"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WebLogic Server", "due_date": "2025-01-28", "date_added": "2025-01-07", "vendorProject": "Oracle", "vulnerabilityName": "Oracle WebLogic Server Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "90419a5d-b36a-40e7-8209-dd6f753e1150", "vulnerability": {"vulnId": "CVE-2024-41713", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-07T00:00:00+00:00"}, "gcve": {"object_uuid": "90419a5d-b36a-40e7-8209-dd6f753e1150", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-01-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Mitel MiCollab Path Traversal Vulnerability | Affected: Mitel / MiCollab | Description: Mitel MiCollab contains a path traversal vulnerability that could allow an attacker to gain unauthorized and unauthenticated access. This vulnerability can be chained with CVE-2024-55550, which allows an unauthenticated, remote attacker to read arbitrary files on the server. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-01-28 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 ; https://nvd.nist.gov/vuln/detail/CVE-2024-41713 "}, "references": [{"id": "CVE-2024-41713", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-41713"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "MiCollab", "due_date": "2025-01-28", "date_added": "2025-01-07", "vendorProject": "Mitel", "vulnerabilityName": "Mitel MiCollab Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "650157df-bc2e-4a1e-b7fc-de9a9fe7df99", "vulnerability": {"vulnId": "CVE-2024-55550", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2025-01-07T00:00:00+00:00"}, "gcve": {"object_uuid": "650157df-bc2e-4a1e-b7fc-de9a9fe7df99", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2025-01-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2025-01-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Mitel MiCollab Path Traversal Vulnerability | Affected: Mitel / MiCollab | Description: Mitel MiCollab contains a path traversal vulnerability that could allow an authenticated attacker with administrative privileges to read local files within the system due to insufficient input sanitization. This vulnerability can be chained with CVE-2024-41713, which allows an unauthenticated, remote attacker to read arbitrary files on the server. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-01-28 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 ; https://nvd.nist.gov/vuln/detail/CVE-2024-55550"}, "references": [{"id": "CVE-2024-55550", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-55550"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "MiCollab", "due_date": "2025-01-28", "date_added": "2025-01-07", "vendorProject": "Mitel", "vulnerabilityName": "Mitel MiCollab Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "2985feaa-60cc-4679-9b17-544cd8808220", "vulnerability": {"vulnId": "CVE-2024-3393", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2985feaa-60cc-4679-9b17-544cd8808220", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-12-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability | Affected: Palo Alto Networks / PAN-OS | Description: Palo Alto Networks PAN-OS contains a vulnerability in parsing and logging malicious DNS packets in the DNS Security feature that, when exploited, allows an unauthenticated attacker to remotely reboot the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-01-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.paloaltonetworks.com/CVE-2024-3393 ; https://nvd.nist.gov/vuln/detail/CVE-2024-3393"}, "references": [{"id": "CVE-2024-3393", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-3393"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-754"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PAN-OS", "due_date": "2025-01-20", "date_added": "2024-12-30", "vendorProject": "Palo Alto Networks", "vulnerabilityName": "Palo Alto Networks PAN-OS Malicious DNS Packet Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a261fda1-b1bd-488f-8679-2048aa2e2fb0", "vulnerability": {"vulnId": "CVE-2021-44207", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-23T00:00:00+00:00"}, "gcve": {"object_uuid": "a261fda1-b1bd-488f-8679-2048aa2e2fb0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-12-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability  | Affected: Acclaim Systems / USAHERDS | Description: Acclaim Systems USAHERDS contains a hard-coded credentials vulnerability that could allow an attacker to achieve remote code execution on the system that runs the application. The MachineKey must be obtained via a separate vulnerability or other channel. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Please contact the product developer for support and vulnerability mitigation. | Due date: 2025-01-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.acclaimsystems.com/#contact ; https://www.tnatc.org/#contact ; https://nvd.nist.gov/vuln/detail/CVE-2021-44207"}, "references": [{"id": "CVE-2021-44207", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-44207"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-798"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "USAHERDS", "due_date": "2025-01-13", "date_added": "2024-12-23", "vendorProject": "Acclaim Systems", "vulnerabilityName": "Acclaim Systems USAHERDS Use of Hard-Coded Credentials Vulnerability ", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "73b19dc5-0069-45a1-b2b3-ac14f1f04fe5", "vulnerability": {"vulnId": "CVE-2024-12356", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-19T00:00:00+00:00"}, "gcve": {"object_uuid": "73b19dc5-0069-45a1-b2b3-ac14f1f04fe5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-12-19T00:00:00Z"}, "scope": {"notes": "KEV entry: BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability  | Affected: BeyondTrust / Privileged Remote Access (PRA) and Remote Support (RS)  | Description: BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) contain a command injection vulnerability, which can allow an unauthenticated attacker to inject commands that are run as a site user.  | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 ; https://nvd.nist.gov/vuln/detail/CVE-2024-12356"}, "references": [{"id": "CVE-2024-12356", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-12356"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Privileged Remote Access (PRA) and Remote Support (RS) ", "due_date": "2024-12-27", "date_added": "2024-12-19", "vendorProject": "BeyondTrust", "vulnerabilityName": "BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection Vulnerability ", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "277b1460-cb6c-4f64-aca3-6a7e3d6ae114", "vulnerability": {"vulnId": "CVE-2021-40407", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-18T00:00:00+00:00"}, "gcve": {"object_uuid": "277b1460-cb6c-4f64-aca3-6a7e3d6ae114", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-12-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Reolink RLC-410W IP Camera OS Command Injection Vulnerability  | Affected: Reolink / RLC-410W IP Camera | Description: Reolink RLC-410W IP cameras contain an authenticated OS command injection vulnerability in the device network settings functionality. | Required action: The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable. | Due date: 2025-01-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://reolink.com/product-eol/ ; https://reolink.com/download-center/ ; https://nvd.nist.gov/vuln/detail/CVE-2021-40407"}, "references": [{"id": "CVE-2021-40407", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-40407"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "RLC-410W IP Camera", "due_date": "2025-01-08", "date_added": "2024-12-18", "vendorProject": "Reolink", "vulnerabilityName": "Reolink RLC-410W IP Camera OS Command Injection Vulnerability ", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7a15a9f7-011d-40c8-ac0e-02e578e36967", "vulnerability": {"vulnId": "CVE-2019-11001", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-18T00:00:00+00:00"}, "gcve": {"object_uuid": "7a15a9f7-011d-40c8-ac0e-02e578e36967", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-12-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Reolink Multiple IP Cameras OS Command Injection Vulnerability | Affected: Reolink / Multiple IP Cameras | Description: Reolink RLC-410W, C1 Pro, C2 Pro, RLC-422W, and RLC-511W IP cameras contain an authenticated OS command injection vulnerability. This vulnerability allows an authenticated admin to use the \"TestEmail\" functionality to inject and run OS commands as root. | Required action: The impacted product could be end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue product utilization if a current mitigation is unavailable. | Due date: 2025-01-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://reolink.com/product-eol/ ; https://reolink.com/download-center/ ; https://nvd.nist.gov/vuln/detail/CVE-2019-11001"}, "references": [{"id": "CVE-2019-11001", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-11001"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple IP Cameras", "due_date": "2025-01-08", "date_added": "2024-12-18", "vendorProject": "Reolink", "vulnerabilityName": "Reolink Multiple IP Cameras OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9ae8f4be-c48a-412e-9d6b-64726dde2e1e", "vulnerability": {"vulnId": "CVE-2022-23227", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-18T00:00:00+00:00"}, "gcve": {"object_uuid": "9ae8f4be-c48a-412e-9d6b-64726dde2e1e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-12-18T00:00:00Z"}, "scope": {"notes": "KEV entry: NUUO NVRmini2 Devices Missing Authentication Vulnerability  | Affected: NUUO / NVRmini2 Devices | Description: NUUO NVRmini2 devices contain a missing authentication vulnerability that allows an unauthenticated attacker to upload an encrypted TAR archive, which can be abused to add arbitrary users.  | Required action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product. | Due date: 2025-01-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nuuo.com/wp-content/uploads/2023/03/NUUO-EOL-letter\uff3fNVRmini-2-and-NVRsolo-series.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2022-23227"}, "references": [{"id": "CVE-2022-23227", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-23227"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NVRmini2 Devices", "due_date": "2025-01-08", "date_added": "2024-12-18", "vendorProject": "NUUO", "vulnerabilityName": "NUUO NVRmini2 Devices Missing Authentication Vulnerability ", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1c00523d-0a0a-4f27-9503-1b53dcb48ae6", "vulnerability": {"vulnId": "CVE-2018-14933", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-18T00:00:00+00:00"}, "gcve": {"object_uuid": "1c00523d-0a0a-4f27-9503-1b53dcb48ae6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-12-18T00:00:00Z"}, "scope": {"notes": "KEV entry: NUUO NVRmini Devices OS Command Injection Vulnerability  | Affected: NUUO / NVRmini Devices | Description: NUUO NVRmini devices contain an OS command injection vulnerability. This vulnerability allows remote command execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command. | Required action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product. | Due date: 2025-01-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nuuo.com/wp-content/uploads/2023/03/NUUO-EOL-letter%EF%BC%BFNVRmini-2-and-NVRsolo-series.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2018-14933"}, "references": [{"id": "CVE-2018-14933", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-14933"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NVRmini Devices", "due_date": "2025-01-08", "date_added": "2024-12-18", "vendorProject": "NUUO", "vulnerabilityName": "NUUO NVRmini Devices OS Command Injection Vulnerability ", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e72315c2-2733-4a5e-8546-9752df9a8b82", "vulnerability": {"vulnId": "CVE-2024-55956", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-17T00:00:00+00:00"}, "gcve": {"object_uuid": "e72315c2-2733-4a5e-8546-9752df9a8b82", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-12-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Cleo Multiple Products Unauthenticated File Upload Vulnerability | Affected: Cleo / Multiple Products | Description: Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload vulnerability that could allow an unauthenticated user to import and execute arbitrary bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-01-07 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update-CVE-2024-55956 ; https://nvd.nist.gov/vuln/detail/CVE-2024-55956"}, "references": [{"id": "CVE-2024-55956", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-55956"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-276"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2025-01-07", "date_added": "2024-12-17", "vendorProject": "Cleo", "vulnerabilityName": "Cleo Multiple Products Unauthenticated File Upload Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "e9651404-3a27-42a5-9108-46cfbdca2541", "vulnerability": {"vulnId": "CVE-2024-35250", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-16T00:00:00+00:00"}, "gcve": {"object_uuid": "e9651404-3a27-42a5-9108-46cfbdca2541", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-12-16T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability  | Affected: Microsoft / Windows | Description: Microsoft Windows Kernel-Mode Driver contains an untrusted pointer dereference vulnerability that allows a local attacker to escalate privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-01-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35250 ; https://nvd.nist.gov/vuln/detail/CVE-2024-35250"}, "references": [{"id": "CVE-2024-35250", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-35250"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-822"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2025-01-06", "date_added": "2024-12-16", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Kernel-Mode Driver Untrusted Pointer Dereference Vulnerability ", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bf32d8fb-7ccf-4bbe-ad72-a2b622c8af79", "vulnerability": {"vulnId": "CVE-2024-20767", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-16T00:00:00+00:00"}, "gcve": {"object_uuid": "bf32d8fb-7ccf-4bbe-ad72-a2b622c8af79", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-12-16T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe ColdFusion Improper Access Control Vulnerability | Affected: Adobe / ColdFusion | Description: Adobe ColdFusion contains an improper access control vulnerability that could allow an attacker to access or modify restricted files via an internet-exposed admin panel. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-01-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-20767"}, "references": [{"id": "CVE-2024-20767", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-20767"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ColdFusion", "due_date": "2025-01-06", "date_added": "2024-12-16", "vendorProject": "Adobe", "vulnerabilityName": "Adobe ColdFusion Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "13ba7b76-4ab9-4563-890b-8e54d0fa4e13", "vulnerability": {"vulnId": "CVE-2024-50623", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-13T00:00:00+00:00"}, "gcve": {"object_uuid": "13ba7b76-4ab9-4563-890b-8e54d0fa4e13", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-12-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Cleo Multiple Products Unrestricted File Upload Vulnerability | Affected: Cleo / Multiple Products | Description: Cleo Harmony, VLTrader, and LexiCom, which are managed file transfer products, contain an unrestricted file upload and download vulnerability that can lead to remote code execution with elevated privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2025-01-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://support.cleo.com/hc/en-us/articles/28408134019735-Cleo-Product-Security-Update ; https://nvd.nist.gov/vuln/detail/CVE-2024-50623"}, "references": [{"id": "CVE-2024-50623", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-50623"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2025-01-03", "date_added": "2024-12-13", "vendorProject": "Cleo", "vulnerabilityName": "Cleo Multiple Products Unrestricted File Upload Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "0e496f8d-aa9f-4d86-b1ae-2af98f2d9de7", "vulnerability": {"vulnId": "CVE-2024-49138", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "0e496f8d-aa9f-4d86-b1ae-2af98f2d9de7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-12-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Common Log File System (CLFS) driver contains a heap-based buffer overflow vulnerability that allows a local attacker to escalate privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-31 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49138 ; https://nvd.nist.gov/vuln/detail/CVE-2024-49138"}, "references": [{"id": "CVE-2024-49138", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-49138"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-12-31", "date_added": "2024-12-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f8280b1b-b59e-4819-a170-9b84531385c1", "vulnerability": {"vulnId": "CVE-2024-51378", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-04T00:00:00+00:00"}, "gcve": {"object_uuid": "f8280b1b-b59e-4819-a170-9b84531385c1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-12-04T00:00:00Z"}, "scope": {"notes": "KEV entry: CyberPanel Incorrect Default Permissions Vulnerability | Affected: CyberPersons / CyberPanel | Description: CyberPanel contains an incorrect default permissions vulnerability that allows for authentication bypass and the execution of arbitrary commands using shell metacharacters in the statusfile property. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-25 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://cyberpanel.net/KnowledgeBase/home/change-logs/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-51378"}, "references": [{"id": "CVE-2024-51378", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-51378"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-276"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "CyberPanel", "due_date": "2024-12-25", "date_added": "2024-12-04", "vendorProject": "CyberPersons", "vulnerabilityName": "CyberPanel Incorrect Default Permissions Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "364fb652-efb8-4d43-98ae-bd053603f8d9", "vulnerability": {"vulnId": "CVE-2024-11680", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-03T00:00:00+00:00"}, "gcve": {"object_uuid": "364fb652-efb8-4d43-98ae-bd053603f8d9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-12-03T00:00:00Z"}, "scope": {"notes": "KEV entry: ProjectSend Improper Authentication Vulnerability | Affected: ProjectSend / ProjectSend | Description: ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the application's configuration via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/projectsend/projectsend/commit/193367d937b1a59ed5b68dd4e60bd53317473744 ; https://nvd.nist.gov/vuln/detail/CVE-2024-11680"}, "references": [{"id": "CVE-2024-11680", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-11680"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ProjectSend", "due_date": "2024-12-24", "date_added": "2024-12-03", "vendorProject": "ProjectSend", "vulnerabilityName": "ProjectSend Improper Authentication Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d238f277-bf41-4e5a-b0ea-ca64341d173f", "vulnerability": {"vulnId": "CVE-2023-45727", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d238f277-bf41-4e5a-b0ea-ca64341d173f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-12-03T00:00:00Z"}, "scope": {"notes": "KEV entry: North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability | Affected: North Grid / Proself | Description: North Grid Proself Enterprise/Standard, Gateway, and Mail Sanitize contain an improper restriction of XML External Entity (XXE) reference vulnerability, which could allow a remote, unauthenticated attacker to conduct an XXE attack. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.proself.jp/information/153/ ; https://nvd.nist.gov/vuln/detail/CVE-2023-45727"}, "references": [{"id": "CVE-2023-45727", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-45727"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-611"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Proself", "due_date": "2024-12-24", "date_added": "2024-12-03", "vendorProject": "North Grid", "vulnerabilityName": "North Grid Proself Improper Restriction of XML External Entity (XXE) Reference Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "35edb18b-8e4a-4661-9d65-fe1d6bc3ddb4", "vulnerability": {"vulnId": "CVE-2024-11667", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-12-03T00:00:00+00:00"}, "gcve": {"object_uuid": "35edb18b-8e4a-4661-9d65-fe1d6bc3ddb4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-12-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-12-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Zyxel Multiple Firewalls Path Traversal Vulnerability | Affected: Zyxel / Multiple Firewalls | Description: Multiple Zyxel firewalls contain a path traversal vulnerability in the web management interface that could allow an attacker to download or upload files via a crafted URL. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-24 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-protecting-against-recent-firewall-threats-11-21-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-11667"}, "references": [{"id": "CVE-2024-11667", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-11667"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Firewalls", "due_date": "2024-12-24", "date_added": "2024-12-03", "vendorProject": "Zyxel", "vulnerabilityName": "Zyxel Multiple Firewalls Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "afb6bc71-7c43-4237-b391-f3634108359f", "vulnerability": {"vulnId": "CVE-2023-28461", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-25T00:00:00+00:00"}, "gcve": {"object_uuid": "afb6bc71-7c43-4237-b391-f3634108359f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability | Affected: Array Networks  / AG/vxAG ArrayOS | Description: Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-16 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf ; https://nvd.nist.gov/vuln/detail/CVE-2023-28461"}, "references": [{"id": "CVE-2023-28461", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-28461"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "AG/vxAG ArrayOS", "due_date": "2024-12-16", "date_added": "2024-11-25", "vendorProject": "Array Networks ", "vulnerabilityName": "Array Networks AG and vxAG ArrayOS Missing Authentication for Critical Function Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "872e5615-108e-456d-8658-e2927f07b9cd", "vulnerability": {"vulnId": "CVE-2024-44309", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-21T00:00:00+00:00"}, "gcve": {"object_uuid": "872e5615-108e-456d-8658-e2927f07b9cd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to a cross-site scripting (XSS) attack. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/121752, https://support.apple.com/en-us/121753, https://support.apple.com/en-us/121754, https://support.apple.com/en-us/121755, https://support.apple.com/en-us/121756 ; https://nvd.nist.gov/vuln/detail/CVE-2024-44309"}, "references": [{"id": "CVE-2024-44309", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-44309"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2024-12-12", "date_added": "2024-11-21", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1dfb27bc-c2fd-45d8-b5a5-735db811b60d", "vulnerability": {"vulnId": "CVE-2024-44308", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-21T00:00:00+00:00"}, "gcve": {"object_uuid": "1dfb27bc-c2fd-45d8-b5a5-735db811b60d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Code Execution Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, macOS, and other Apple products contain an unspecified vulnerability when processing maliciously crafted web content that may lead to arbitrary code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/121752, https://support.apple.com/en-us/121753, https://support.apple.com/en-us/121754, https://support.apple.com/en-us/121755, https://support.apple.com/en-us/121756 ; https://nvd.nist.gov/vuln/detail/CVE-2024-44308"}, "references": [{"id": "CVE-2024-44308", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-44308"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2024-12-12", "date_added": "2024-11-21", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0dddae63-7be6-4f8c-8380-286d4e09b714", "vulnerability": {"vulnId": "CVE-2024-21287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-21T00:00:00+00:00"}, "gcve": {"object_uuid": "0dddae63-7be6-4f8c-8380-286d4e09b714", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability | Affected: Oracle / Agile Product Lifecycle Management (PLM) | Description: Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.oracle.com/security-alerts/alert-cve-2024-21287.html ; https://nvd.nist.gov/vuln/detail/CVE-2024-21287"}, "references": [{"id": "CVE-2024-21287", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-21287"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-863"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Agile Product Lifecycle Management (PLM)", "due_date": "2024-12-12", "date_added": "2024-11-21", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f956e3aa-3257-4dc8-9772-6fbeaca7055b", "vulnerability": {"vulnId": "CVE-2024-38812", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-20T00:00:00+00:00"}, "gcve": {"object_uuid": "f956e3aa-3257-4dc8-9772-6fbeaca7055b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-20T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-20T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware vCenter Server Heap-Based Buffer Overflow Vulnerability | Affected: VMware / vCenter Server | Description: VMware vCenter Server contains a heap-based buffer overflow vulnerability in the implementation of the DCERPC protocol. This vulnerability could allow an attacker with network access to the vCenter Server to execute remote code by sending a specially crafted packet. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-11 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38812"}, "references": [{"id": "CVE-2024-38812", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-38812"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vCenter Server", "due_date": "2024-12-11", "date_added": "2024-11-20", "vendorProject": "VMware", "vulnerabilityName": "VMware vCenter Server Heap-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ebe1f99e-19a3-4ef2-8978-e80d5c4d4a7b", "vulnerability": {"vulnId": "CVE-2024-38813", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-20T00:00:00+00:00"}, "gcve": {"object_uuid": "ebe1f99e-19a3-4ef2-8978-e80d5c4d4a7b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-20T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-20T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware vCenter Server Privilege Escalation Vulnerability | Affected: VMware / vCenter Server | Description: VMware vCenter contains an improper check for dropped privileges vulnerability. This vulnerability could allow an attacker with network access to the vCenter Server to escalate privileges to root by sending a specially crafted packet. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-11 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38813"}, "references": [{"id": "CVE-2024-38813", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-38813"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-250", "CWE-273"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vCenter Server", "due_date": "2024-12-11", "date_added": "2024-11-20", "vendorProject": "VMware", "vulnerabilityName": "VMware vCenter Server Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bb589190-de72-4bd9-bfcb-f99937b73288", "vulnerability": {"vulnId": "CVE-2024-0012", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-18T00:00:00+00:00"}, "gcve": {"object_uuid": "bb589190-de72-4bd9-bfcb-f99937b73288", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability | Affected: Palo Alto Networks / PAN-OS | Description: Palo Alto Networks PAN-OS contains an authentication bypass vulnerability in the web-based management interface for several PAN-OS products, including firewalls and VPN concentrators. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, management interface for affected devices should not be exposed to untrusted networks, including the internet. | Due date: 2024-12-09 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://security.paloaltonetworks.com/CVE-2024-0012 ; https://nvd.nist.gov/vuln/detail/CVE-2024-0012"}, "references": [{"id": "CVE-2024-0012", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-0012"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PAN-OS", "due_date": "2024-12-09", "date_added": "2024-11-18", "vendorProject": "Palo Alto Networks", "vulnerabilityName": "Palo Alto Networks PAN-OS Management Interface Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "d08e2367-edbb-4c0b-bd7d-d3479a89ffad", "vulnerability": {"vulnId": "CVE-2024-1212", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-18T00:00:00+00:00"}, "gcve": {"object_uuid": "d08e2367-edbb-4c0b-bd7d-d3479a89ffad", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Progress Kemp LoadMaster OS Command Injection Vulnerability | Affected: Progress / Kemp LoadMaster | Description: Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://community.progress.com/s/article/Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212 ; https://nvd.nist.gov/vuln/detail/CVE-2024-1212"}, "references": [{"id": "CVE-2024-1212", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-1212"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kemp LoadMaster", "due_date": "2024-12-09", "date_added": "2024-11-18", "vendorProject": "Progress", "vulnerabilityName": "Progress Kemp LoadMaster OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "95d057e7-23d8-4782-8a3a-475f0d2e495b", "vulnerability": {"vulnId": "CVE-2024-9474", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-18T00:00:00+00:00"}, "gcve": {"object_uuid": "95d057e7-23d8-4782-8a3a-475f0d2e495b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability | Affected: Palo Alto Networks / PAN-OS | Description: Palo Alto Networks PAN-OS contains an OS command injection vulnerability that allows for privilege escalation through the web-based management interface for several PAN products, including firewalls and VPN concentrators. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Additionally, the management interfaces for affected devices should not be exposed to untrusted networks, including the internet. | Due date: 2024-12-09 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://security.paloaltonetworks.com/CVE-2024-9474 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9474"}, "references": [{"id": "CVE-2024-9474", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-9474"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PAN-OS", "due_date": "2024-12-09", "date_added": "2024-11-18", "vendorProject": "Palo Alto Networks", "vulnerabilityName": "Palo Alto Networks PAN-OS Management Interface OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "fa5509c3-648b-4302-be22-a23cc5729286", "vulnerability": {"vulnId": "CVE-2024-9463", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-14T00:00:00+00:00"}, "gcve": {"object_uuid": "fa5509c3-648b-4302-be22-a23cc5729286", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Palo Alto Networks Expedition OS Command Injection Vulnerability | Affected: Palo Alto Networks / Expedition | Description: Palo Alto Networks Expedition contains an OS command injection vulnerability that allows an unauthenticated attacker to run arbitrary OS commands as root in Expedition, resulting in disclosure of usernames, cleartext passwords, device configurations, and device API keys of PAN-OS firewalls. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.paloaltonetworks.com/PAN-SA-2024-0010 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9463"}, "references": [{"id": "CVE-2024-9463", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-9463"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Expedition", "due_date": "2024-12-05", "date_added": "2024-11-14", "vendorProject": "Palo Alto Networks", "vulnerabilityName": "Palo Alto Networks Expedition OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "759fd8b5-9dd8-4edd-b19d-c05766b4176d", "vulnerability": {"vulnId": "CVE-2024-9465", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-14T00:00:00+00:00"}, "gcve": {"object_uuid": "759fd8b5-9dd8-4edd-b19d-c05766b4176d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Palo Alto Networks Expedition SQL Injection Vulnerability | Affected: Palo Alto Networks / Expedition | Description: Palo Alto Networks Expedition contains a SQL injection vulnerability that allows an unauthenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. With this, attackers can also create and read arbitrary files on the Expedition system. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.paloaltonetworks.com/PAN-SA-2024-0010 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9465"}, "references": [{"id": "CVE-2024-9465", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-9465"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Expedition", "due_date": "2024-12-05", "date_added": "2024-11-14", "vendorProject": "Palo Alto Networks", "vulnerabilityName": "Palo Alto Networks Expedition SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "318678a8-3f9f-4940-843d-ef7f2ce5abc2", "vulnerability": {"vulnId": "CVE-2021-41277", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-12T00:00:00+00:00"}, "gcve": {"object_uuid": "318678a8-3f9f-4940-843d-ef7f2ce5abc2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Metabase GeoJSON API Local File Inclusion Vulnerability | Affected: Metabase / Metabase | Description: Metabase contains a local file inclusion vulnerability in the custom map support in the API to read GeoJSON formatted data. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/metabase/metabase/security/advisories/GHSA-w73v-6p7p-fpfr ; https://nvd.nist.gov/vuln/detail/CVE-2021-41277"}, "references": [{"id": "CVE-2021-41277", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-41277"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Metabase", "due_date": "2024-12-03", "date_added": "2024-11-12", "vendorProject": "Metabase", "vulnerabilityName": "Metabase GeoJSON API Local File Inclusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3f166203-cf99-41be-9033-7f8c36f23311", "vulnerability": {"vulnId": "CVE-2024-49039", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-12T00:00:00+00:00"}, "gcve": {"object_uuid": "3f166203-cf99-41be-9033-7f8c36f23311", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Task Scheduler Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Task Scheduler contains a privilege escalation vulnerability that can allow an attacker-provided, local application to escalate privileges outside of its AppContainer, and access privileged RPC functions. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-49039 ; https://nvd.nist.gov/vuln/detail/CVE-2024-49039"}, "references": [{"id": "CVE-2024-49039", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-49039"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-12-03", "date_added": "2024-11-12", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Task Scheduler Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "405980e6-e27c-4fdd-8359-acd20d850ac1", "vulnerability": {"vulnId": "CVE-2014-2120", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-12T00:00:00+00:00"}, "gcve": {"object_uuid": "405980e6-e27c-4fdd-8359-acd20d850ac1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability | Affected: Cisco / Adaptive Security Appliance (ASA) | Description: Cisco Adaptive Security Appliance (ASA) contains a cross-site scripting (XSS) vulnerability in the WebVPN login page. This vulnerability allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-CVE-2014-2120 ; https://nvd.nist.gov/vuln/detail/CVE-2014-2120"}, "references": [{"id": "CVE-2014-2120", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-2120"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Adaptive Security Appliance (ASA)", "due_date": "2024-12-03", "date_added": "2024-11-12", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Adaptive Security Appliance (ASA) Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a1a960a8-8345-4f67-ba4c-f2c156ecf492", "vulnerability": {"vulnId": "CVE-2024-43451", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-12T00:00:00+00:00"}, "gcve": {"object_uuid": "a1a960a8-8345-4f67-ba4c-f2c156ecf492", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows contains an NTLMv2 hash spoofing vulnerability that could result in disclosing a user's NTLMv2 hash to an attacker via a file open operation. The attacker could then leverage this hash to impersonate that user. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43451 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43451"}, "references": [{"id": "CVE-2024-43451", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-43451"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-73"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-12-03", "date_added": "2024-11-12", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows NTLMv2 Hash Disclosure Spoofing Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2592f644-6a45-42f8-8391-3c6da369e26e", "vulnerability": {"vulnId": "CVE-2021-26086", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-12T00:00:00+00:00"}, "gcve": {"object_uuid": "2592f644-6a45-42f8-8391-3c6da369e26e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Atlassian Jira Server and Data Center Path Traversal Vulnerability | Affected: Atlassian / Jira Server and Data Center | Description: Atlassian Jira Server and Data Center contain a path traversal vulnerability that allows a remote attacker to read particular files in the /WEB-INF/web.xml endpoint. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-12-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://jira.atlassian.com/browse/JRASERVER-72695 ; https://nvd.nist.gov/vuln/detail/CVE-2021-26086"}, "references": [{"id": "CVE-2021-26086", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-26086"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Jira Server and Data Center", "due_date": "2024-12-03", "date_added": "2024-11-12", "vendorProject": "Atlassian", "vulnerabilityName": "Atlassian Jira Server and Data Center Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1ec72d66-1291-4be7-8894-105a053925fa", "vulnerability": {"vulnId": "CVE-2024-43093", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-07T00:00:00+00:00"}, "gcve": {"object_uuid": "1ec72d66-1291-4be7-8894-105a053925fa", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Android Framework Privilege Escalation Vulnerability | Affected: Android / Framework | Description: Android Framework contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-11-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://source.android.com/docs/security/bulletin/2024-11-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43093"}, "references": [{"id": "CVE-2024-43093", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-43093"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Framework", "due_date": "2024-11-28", "date_added": "2024-11-07", "vendorProject": "Android", "vulnerabilityName": "Android Framework Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9a244593-1a18-488c-b958-136fe4591610", "vulnerability": {"vulnId": "CVE-2024-5910", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-07T00:00:00+00:00"}, "gcve": {"object_uuid": "9a244593-1a18-488c-b958-136fe4591610", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Palo Alto Networks Expedition Missing Authentication Vulnerability | Affected: Palo Alto Networks / Expedition | Description: Palo Alto Networks Expedition contains a missing authentication vulnerability that allows an attacker with network access to take over an Expedition admin account and potentially access configuration secrets, credentials, and other data. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-11-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.paloaltonetworks.com/CVE-2024-5910 ; https://nvd.nist.gov/vuln/detail/CVE-2024-5910"}, "references": [{"id": "CVE-2024-5910", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-5910"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Expedition", "due_date": "2024-11-28", "date_added": "2024-11-07", "vendorProject": "Palo Alto Networks", "vulnerabilityName": "Palo Alto Networks Expedition Missing Authentication Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "12a6bb02-2afb-4b99-b378-77d1d445e936", "vulnerability": {"vulnId": "CVE-2024-51567", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-07T00:00:00+00:00"}, "gcve": {"object_uuid": "12a6bb02-2afb-4b99-b378-77d1d445e936", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-07T00:00:00Z"}, "scope": {"notes": "KEV entry: CyberPanel Incorrect Default Permissions Vulnerability | Affected: CyberPersons / CyberPanel | Description: CyberPanel contains an incorrect default permissions vulnerability that allows a remote, unauthenticated attacker to execute commands as root. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-11-28 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel ; https://nvd.nist.gov/vuln/detail/CVE-2024-51567"}, "references": [{"id": "CVE-2024-51567", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-51567"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-276"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "CyberPanel", "due_date": "2024-11-28", "date_added": "2024-11-07", "vendorProject": "CyberPersons", "vulnerabilityName": "CyberPanel Incorrect Default Permissions Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "afd62616-7166-49ec-8a42-4c2f15f1ff08", "vulnerability": {"vulnId": "CVE-2019-16278", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-07T00:00:00+00:00"}, "gcve": {"object_uuid": "afd62616-7166-49ec-8a42-4c2f15f1ff08", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Nostromo nhttpd Directory Traversal Vulnerability | Affected: Nostromo / nhttpd | Description: Nostromo nhttpd contains a directory traversal vulnerability in the http_verify() function in a non-chrooted nhttpd server allowing for remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-11-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.nazgul.ch/dev/nostromo_cl.txt ; https://nvd.nist.gov/vuln/detail/CVE-2019-16278"}, "references": [{"id": "CVE-2019-16278", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-16278"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "nhttpd", "due_date": "2024-11-28", "date_added": "2024-11-07", "vendorProject": "Nostromo", "vulnerabilityName": "Nostromo nhttpd Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3ca635d4-25ad-44d4-93fd-57446a2055a9", "vulnerability": {"vulnId": "CVE-2024-8957", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-04T00:00:00+00:00"}, "gcve": {"object_uuid": "3ca635d4-25ad-44d4-93fd-57446a2055a9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-04T00:00:00Z"}, "scope": {"notes": "KEV entry: PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability | Affected: PTZOptics / PT30X-SDI/NDI Cameras | Description: PTZOptics PT30X-SDI/NDI cameras contain an OS command injection vulnerability that allows a remote, authenticated attacker to escalate privileges to root via a crafted payload with the ntp_addr parameter of the /cgi-bin/param.cgi CGI script.  | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-11-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://ptzoptics.com/firmware-changelog/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-8957"}, "references": [{"id": "CVE-2024-8957", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-8957"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PT30X-SDI/NDI Cameras", "due_date": "2024-11-25", "date_added": "2024-11-04", "vendorProject": "PTZOptics", "vulnerabilityName": "PTZOptics PT30X-SDI/NDI Cameras OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d5f6dcfc-46d4-41c0-8713-47182e61cb29", "vulnerability": {"vulnId": "CVE-2024-8956", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-11-04T00:00:00+00:00"}, "gcve": {"object_uuid": "d5f6dcfc-46d4-41c0-8713-47182e61cb29", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-11-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-11-04T00:00:00Z"}, "scope": {"notes": "KEV entry: PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability | Affected: PTZOptics / PT30X-SDI/NDI Cameras | Description: PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-11-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://ptzoptics.com/firmware-changelog/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-8956"}, "references": [{"id": "CVE-2024-8956", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-8956"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PT30X-SDI/NDI Cameras", "due_date": "2024-11-25", "date_added": "2024-11-04", "vendorProject": "PTZOptics", "vulnerabilityName": "PTZOptics PT30X-SDI/NDI Cameras Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "27262106-2814-422b-8d52-5179e4bbf259", "vulnerability": {"vulnId": "CVE-2024-20481", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "27262106-2814-422b-8d52-5179e4bbf259", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-10-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco ASA and FTD Denial-of-Service Vulnerability | Affected: Cisco / Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Description: Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a missing release of resource after effective lifetime vulnerability that could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) of the RAVPN service. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-11-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW ; https://nvd.nist.gov/vuln/detail/CVE-2024-20481"}, "references": [{"id": "CVE-2024-20481", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-20481"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-772"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)", "due_date": "2024-11-14", "date_added": "2024-10-24", "vendorProject": "Cisco", "vulnerabilityName": "Cisco ASA and FTD Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "149c0087-ea19-4a21-8355-71ebfd149ffa", "vulnerability": {"vulnId": "CVE-2024-37383", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "149c0087-ea19-4a21-8355-71ebfd149ffa", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-10-24T00:00:00Z"}, "scope": {"notes": "KEV entry: RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability | Affected: Roundcube / Webmail | Description: RoundCube Webmail contains a cross-site scripting (XSS) vulnerability in the handling of SVG animate attributes that allows a remote attacker to run malicious JavaScript code. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-11-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/roundcube/roundcubemail/releases/tag/1.5.7, https://github.com/roundcube/roundcubemail/releases/tag/1.6.7 ; https://nvd.nist.gov/vuln/detail/CVE-2024-37383"}, "references": [{"id": "CVE-2024-37383", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-37383"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Webmail", "due_date": "2024-11-14", "date_added": "2024-10-24", "vendorProject": "Roundcube", "vulnerabilityName": "RoundCube Webmail Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ad025cf1-0a97-4d4c-8f90-53a16064d812", "vulnerability": {"vulnId": "CVE-2024-47575", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-23T00:00:00+00:00"}, "gcve": {"object_uuid": "ad025cf1-0a97-4d4c-8f90-53a16064d812", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-10-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiManager Missing Authentication Vulnerability | Affected: Fortinet / FortiManager | Description: Fortinet FortiManager contains a missing authentication vulnerability in the fgfmd daemon that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-11-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://fortiguard.fortinet.com/psirt/FG-IR-24-423 ; https://nvd.nist.gov/vuln/detail/CVE-2024-47575"}, "references": [{"id": "CVE-2024-47575", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-47575"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiManager", "due_date": "2024-11-13", "date_added": "2024-10-23", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiManager Missing Authentication Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3139d8e4-880d-4a4a-b19b-0015c5d7db01", "vulnerability": {"vulnId": "CVE-2024-38094", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-22T00:00:00+00:00"}, "gcve": {"object_uuid": "3139d8e4-880d-4a4a-b19b-0015c5d7db01", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-10-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft SharePoint Deserialization Vulnerability | Affected: Microsoft / SharePoint | Description: Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-11-12 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38094 ; https://nvd.nist.gov/vuln/detail/CVE-2024-38094"}, "references": [{"id": "CVE-2024-38094", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-38094"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SharePoint", "due_date": "2024-11-12", "date_added": "2024-10-22", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft SharePoint Deserialization Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "2c0e9e5d-36c0-41cb-851d-34c5e0eb980f", "vulnerability": {"vulnId": "CVE-2024-9537", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-21T00:00:00+00:00"}, "gcve": {"object_uuid": "2c0e9e5d-36c0-41cb-851d-34c5e0eb980f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-10-21T00:00:00Z"}, "scope": {"notes": "KEV entry: ScienceLogic SL1 Unspecified Vulnerability | Affected: ScienceLogic / SL1 | Description: ScienceLogic SL1 (formerly EM7) is affected by an unspecified vulnerability involving an unspecified third-party component. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-11-11 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.sciencelogic.com/s/article/15527 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9537"}, "references": [{"id": "CVE-2024-9537", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-9537"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SL1", "due_date": "2024-11-11", "date_added": "2024-10-21", "vendorProject": "ScienceLogic", "vulnerabilityName": "ScienceLogic SL1 Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9c437326-e8f6-47c0-8ac3-e583d4d543e3", "vulnerability": {"vulnId": "CVE-2024-40711", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-17T00:00:00+00:00"}, "gcve": {"object_uuid": "9c437326-e8f6-47c0-8ac3-e583d4d543e3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-10-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Veeam Backup and Replication Deserialization Vulnerability | Affected: Veeam / Backup & Replication | Description: Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-11-07 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.veeam.com/kb4649 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40711"}, "references": [{"id": "CVE-2024-40711", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-40711"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Backup & Replication", "due_date": "2024-11-07", "date_added": "2024-10-17", "vendorProject": "Veeam", "vulnerabilityName": "Veeam Backup and Replication Deserialization Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "fb309fb7-793a-4ef2-82c1-7d90e3278c31", "vulnerability": {"vulnId": "CVE-2024-9680", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-15T00:00:00+00:00"}, "gcve": {"object_uuid": "fb309fb7-793a-4ef2-82c1-7d90e3278c31", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-10-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Mozilla Firefox Use-After-Free Vulnerability | Affected: Mozilla / Firefox | Description: Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-11-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/ ; https://nvd.nist.gov/vuln/detail/CVE-2024-9680"}, "references": [{"id": "CVE-2024-9680", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-9680"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firefox", "due_date": "2024-11-05", "date_added": "2024-10-15", "vendorProject": "Mozilla", "vulnerabilityName": "Mozilla Firefox Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "8d4b0c92-f560-441c-8fd5-f910d1539b64", "vulnerability": {"vulnId": "CVE-2024-28987", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-15T00:00:00+00:00"}, "gcve": {"object_uuid": "8d4b0c92-f560-441c-8fd5-f910d1539b64", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-10-15T00:00:00Z"}, "scope": {"notes": "KEV entry: SolarWinds Web Help Desk Hardcoded Credential Vulnerability | Affected: SolarWinds / Web Help Desk | Description: SolarWinds Web Help Desk contains a hardcoded credential vulnerability that could allow a remote, unauthenticated user to access internal functionality and modify data. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-11-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28987 ; https://nvd.nist.gov/vuln/detail/CVE-2024-28987"}, "references": [{"id": "CVE-2024-28987", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-28987"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-798"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Web Help Desk", "due_date": "2024-11-05", "date_added": "2024-10-15", "vendorProject": "SolarWinds", "vulnerabilityName": "SolarWinds Web Help Desk Hardcoded Credential Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "425f8459-7ade-48f4-9d2e-8b5d809e3e44", "vulnerability": {"vulnId": "CVE-2024-30088", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-15T00:00:00+00:00"}, "gcve": {"object_uuid": "425f8459-7ade-48f4-9d2e-8b5d809e3e44", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-10-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Kernel TOCTOU Race Condition Vulnerability | Affected: Microsoft / Windows  | Description: Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that could allow for privilege escalation.  | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-11-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-30088 ; https://nvd.nist.gov/vuln/detail/CVE-2024-30088"}, "references": [{"id": "CVE-2024-30088", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-30088"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-367"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows ", "due_date": "2024-11-05", "date_added": "2024-10-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Kernel TOCTOU Race Condition Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "78a4f3c7-077d-4afa-945e-9cc0d076a86d", "vulnerability": {"vulnId": "CVE-2024-23113", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-09T00:00:00+00:00"}, "gcve": {"object_uuid": "78a4f3c7-077d-4afa-945e-9cc0d076a86d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-10-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet Multiple Products Format String Vulnerability | Affected: Fortinet / Multiple Products | Description: Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb contain a format string vulnerability that allows a remote, unauthenticated attacker to execute arbitrary code or commands via specially crafted requests. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.fortiguard.com/psirt/FG-IR-24-029 ; https://nvd.nist.gov/vuln/detail/CVE-2024-23113"}, "references": [{"id": "CVE-2024-23113", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-23113"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-134"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2024-10-30", "date_added": "2024-10-09", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet Multiple Products Format String Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f8102ee2-3cbe-4d4e-b718-aa53d0688fe5", "vulnerability": {"vulnId": "CVE-2024-9379", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-09T00:00:00+00:00"}, "gcve": {"object_uuid": "f8102ee2-3cbe-4d4e-b718-aa53d0688fe5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-10-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability | Affected: Ivanti / Cloud Services Appliance (CSA) | Description: Ivanti Cloud Services Appliance (CSA) contains a SQL injection vulnerability in the admin web console in versions prior to 5.0.2, which can allow a remote attacker authenticated as administrator to run arbitrary SQL statements. | Required action: As Ivanti CSA 4.6.x has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line, or later, of supported solution. | Due date: 2024-10-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9379"}, "references": [{"id": "CVE-2024-9379", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-9379"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Cloud Services Appliance (CSA)", "due_date": "2024-10-30", "date_added": "2024-10-09", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d82e641f-e90f-451d-a13e-2aa4eecf8343", "vulnerability": {"vulnId": "CVE-2024-9380", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-09T00:00:00+00:00"}, "gcve": {"object_uuid": "d82e641f-e90f-451d-a13e-2aa4eecf8343", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-10-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability | Affected: Ivanti / Cloud Services Appliance (CSA) | Description: Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS. | Required action: As Ivanti CSA 4.6.x has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line, or later, of supported solution. | Due date: 2024-10-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-Cloud-Services-Appliance-CVE-2024-9379-CVE-2024-9380-CVE-2024-9381 ; https://nvd.nist.gov/vuln/detail/CVE-2024-9380"}, "references": [{"id": "CVE-2024-9380", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-9380"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Cloud Services Appliance (CSA)", "due_date": "2024-10-30", "date_added": "2024-10-09", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c1cdf356-2e08-455d-ad1b-1d6281ca2af2", "vulnerability": {"vulnId": "CVE-2024-43047", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-08T00:00:00+00:00"}, "gcve": {"object_uuid": "c1cdf356-2e08-455d-ad1b-1d6281ca2af2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-10-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Qualcomm Multiple Chipsets Use-After-Free Vulnerability | Affected: Qualcomm / Multiple Chipsets  | Description: Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services while maintaining memory maps of HLOS memory.  | Required action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. | Due date: 2024-10-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://git.codelinaro.org/clo/la/platform/vendor/qcom/opensource/dsp-kernel/-/commit/0e27b6c7d2bd8d0453e4465ac2ca49a8f8c440e2 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43047"}, "references": [{"id": "CVE-2024-43047", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-43047"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Chipsets ", "due_date": "2024-10-29", "date_added": "2024-10-08", "vendorProject": "Qualcomm", "vulnerabilityName": "Qualcomm Multiple Chipsets Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "50eb3076-92f7-48c0-b998-53480c24982e", "vulnerability": {"vulnId": "CVE-2024-43573", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-08T00:00:00+00:00"}, "gcve": {"object_uuid": "50eb3076-92f7-48c0-b998-53480c24982e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-10-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows MSHTML Platform Spoofing Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows MSHTML Platform contains an unspecified spoofing vulnerability which can lead to a loss of confidentiality. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43573 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43573"}, "references": [{"id": "CVE-2024-43573", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-43573"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-10-29", "date_added": "2024-10-08", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows MSHTML Platform Spoofing Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e4802fe1-c167-4b48-86c2-55f0435e76a2", "vulnerability": {"vulnId": "CVE-2024-43572", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-08T00:00:00+00:00"}, "gcve": {"object_uuid": "e4802fe1-c167-4b48-86c2-55f0435e76a2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-10-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Management Console Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Management Console contains unspecified vulnerability that allows for remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/advisory/CVE-2024-43572 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43572"}, "references": [{"id": "CVE-2024-43572", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-43572"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-707"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-10-29", "date_added": "2024-10-08", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Management Console Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ca550ce6-190e-460d-a052-c77cd8457862", "vulnerability": {"vulnId": "CVE-2024-45519", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ca550ce6-190e-460d-a052-c77cd8457862", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-10-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability | Affected: Synacor / Zimbra Collaboration Suite (ZCS) | Description: Synacor Zimbra Collaboration Suite (ZCS) contains an unspecified vulnerability in the postjournal service that may allow an unauthenticated user to execute commands. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://wiki.zimbra.com/wiki/Zimbra_Security_Advisories ; https://nvd.nist.gov/vuln/detail/CVE-2024-45519"}, "references": [{"id": "CVE-2024-45519", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-45519"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Zimbra Collaboration Suite (ZCS)", "due_date": "2024-10-24", "date_added": "2024-10-03", "vendorProject": "Synacor", "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Command Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7e38675c-5d0e-4672-b2ef-4dfe9a786fbf", "vulnerability": {"vulnId": "CVE-2024-29824", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-10-02T00:00:00+00:00"}, "gcve": {"object_uuid": "7e38675c-5d0e-4672-b2ef-4dfe9a786fbf", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-10-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-10-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability | Affected: Ivanti / Endpoint Manager (EPM) | Description: Ivanti Endpoint Manager (EPM) contains a SQL injection vulnerability in Core server that allows an unauthenticated attacker within the same network to execute arbitrary code.  | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://forums.ivanti.com/s/article/Security-Advisory-May-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29824"}, "references": [{"id": "CVE-2024-29824", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-29824"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Endpoint Manager (EPM)", "due_date": "2024-10-23", "date_added": "2024-10-02", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9f795a1a-8577-4134-b5fa-ceb1afc2178c", "vulnerability": {"vulnId": "CVE-2020-15415", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9f795a1a-8577-4134-b5fa-ceb1afc2178c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-30T00:00:00Z"}, "scope": {"notes": "KEV entry: DrayTek Multiple Vigor Routers OS Command Injection Vulnerability | Affected: DrayTek / Multiple Vigor Routers | Description: DrayTek Vigor3900, Vigor2960, and Vigor300B devices contain an OS command injection vulnerability in cgi-bin/mainfunction.cgi/cvmcfgupload that allows for remote code execution via shell metacharacters in a filename when the text/x-python-script content type is used. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.draytek.com/about/security-advisory/vigor3900-/-vigor2960-/-vigor300b-remote-code-injection/execution-vulnerability-(cve-2020-14472) ; https://nvd.nist.gov/vuln/detail/CVE-2020-15415"}, "references": [{"id": "CVE-2020-15415", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-15415"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Vigor Routers", "due_date": "2024-10-21", "date_added": "2024-09-30", "vendorProject": "DrayTek", "vulnerabilityName": "DrayTek Multiple Vigor Routers OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2aba82e2-366e-4e45-9995-9dc94575a78b", "vulnerability": {"vulnId": "CVE-2023-25280", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2aba82e2-366e-4e45-9995-9dc94575a78b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-30T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DIR-820 Router OS Command Injection Vulnerability | Affected: D-Link / DIR-820 Router | Description: D-Link DIR-820 routers contain an OS command injection vulnerability that allows a remote, unauthenticated attacker to escalate privileges to root via a crafted payload with the ping_addr parameter to ping.ccp. | Required action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product. | Due date: 2024-10-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10358 ; https://nvd.nist.gov/vuln/detail/CVE-2023-25280"}, "references": [{"id": "CVE-2023-25280", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-25280"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DIR-820 Router", "due_date": "2024-10-21", "date_added": "2024-09-30", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DIR-820 Router OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b9ce48fa-439a-4816-8c83-e5f6342fd395", "vulnerability": {"vulnId": "CVE-2019-0344", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-30T00:00:00+00:00"}, "gcve": {"object_uuid": "b9ce48fa-439a-4816-8c83-e5f6342fd395", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-30T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability | Affected: SAP / Commerce Cloud | Description: SAP Commerce Cloud (formerly known as Hybris) contains a deserialization of untrusted data vulnerability within the mediaconversion and virtualjdbc extension that allows for code injection. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://web.archive.org/web/20191214053020/https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523998017 ; https://nvd.nist.gov/vuln/detail/CVE-2019-0344"}, "references": [{"id": "CVE-2019-0344", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0344"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Commerce Cloud", "due_date": "2024-10-21", "date_added": "2024-09-30", "vendorProject": "SAP", "vulnerabilityName": "SAP Commerce Cloud Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e0eef9e6-4e85-4db1-b6a0-5c7e59636657", "vulnerability": {"vulnId": "CVE-2024-7593", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-24T00:00:00+00:00"}, "gcve": {"object_uuid": "e0eef9e6-4e85-4db1-b6a0-5c7e59636657", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability | Affected: Ivanti / Virtual Traffic Manager | Description: Ivanti Virtual Traffic Manager contains an authentication bypass vulnerability that allows a remote, unauthenticated attacker to create a chosen administrator account. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593 ; https://nvd.nist.gov/vuln/detail/CVE-2024-7593"}, "references": [{"id": "CVE-2024-7593", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-7593"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287", "CWE-303"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Virtual Traffic Manager", "due_date": "2024-10-15", "date_added": "2024-09-24", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fd0d81fa-ad56-4d97-86a1-7561ad5c8520", "vulnerability": {"vulnId": "CVE-2024-8963", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-19T00:00:00+00:00"}, "gcve": {"object_uuid": "fd0d81fa-ad56-4d97-86a1-7561ad5c8520", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-19T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability | Affected: Ivanti / Cloud Services Appliance (CSA) | Description: Ivanti Cloud Services Appliance (CSA) contains a path traversal vulnerability that could allow a remote, unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in conjunction with CVE-2024-8190, an attacker could bypass admin authentication and execute arbitrary commands on the appliance. | Required action: As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive security updates. | Due date: 2024-10-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963 ; https://nvd.nist.gov/vuln/detail/CVE-2024-8963"}, "references": [{"id": "CVE-2024-8963", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-8963"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Cloud Services Appliance (CSA)", "due_date": "2024-10-10", "date_added": "2024-09-19", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Cloud Services Appliance (CSA) Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a87d0113-9c53-48cd-9e90-4373c1364376", "vulnerability": {"vulnId": "CVE-2020-14644", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "a87d0113-9c53-48cd-9e90-4373c1364376", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle WebLogic Server Remote Code Execution Vulnerability | Affected: Oracle / WebLogic Server | Description: Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.oracle.com/security-alerts/cpujul2020.html  ;  https://nvd.nist.gov/vuln/detail/CVE-2020-14644"}, "references": [{"id": "CVE-2020-14644", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-14644"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WebLogic Server", "due_date": "2024-10-09", "date_added": "2024-09-18", "vendorProject": "Oracle", "vulnerabilityName": "Oracle WebLogic Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "35eeac4e-0705-4912-b847-aa5c0980ae12", "vulnerability": {"vulnId": "CVE-2022-21445", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "35eeac4e-0705-4912-b847-aa5c0980ae12", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle ADF Faces Deserialization of Untrusted Data Vulnerability | Affected: Oracle / ADF Faces | Description: Oracle ADF Faces library, included with Oracle JDeveloper Distribution, contains a deserialization of untrusted data vulnerability leading to unauthenticated remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.oracle.com/security-alerts/cpuapr2022.html  ;  https://nvd.nist.gov/vuln/detail/CVE-2022-21445"}, "references": [{"id": "CVE-2022-21445", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-21445"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ADF Faces", "due_date": "2024-10-09", "date_added": "2024-09-18", "vendorProject": "Oracle", "vulnerabilityName": "Oracle ADF Faces Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5cdc04e3-5b02-4d6d-a9c4-18329b595dcd", "vulnerability": {"vulnId": "CVE-2020-0618", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "5cdc04e3-5b02-4d6d-a9c4-18329b595dcd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability | Affected: Microsoft / SQL Server | Description: Microsoft SQL Server Reporting Services contains a deserialization vulnerability when handling page requests incorrectly. An authenticated attacker can exploit this vulnerability to execute code in the context of the Report Server service account. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2020-0618  ;  https://nvd.nist.gov/vuln/detail/CVE-2020-0618"}, "references": [{"id": "CVE-2020-0618", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-0618"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SQL Server", "due_date": "2024-10-09", "date_added": "2024-09-18", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft SQL Server Reporting Services Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d7b1e7b0-a95e-46bd-8f3a-d1968dfa657b", "vulnerability": {"vulnId": "CVE-2024-27348", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "d7b1e7b0-a95e-46bd-8f3a-d1968dfa657b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache HugeGraph-Server Improper Access Control Vulnerability | Affected: Apache / HugeGraph-Server | Description: Apache HugeGraph-Server contains an improper access control vulnerability that could allow a remote attacker to execute arbitrary code. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see:  https://lists.apache.org/thread/nx6g6htyhpgtzsocybm242781o8w5kq9 ; https://nvd.nist.gov/vuln/detail/CVE-2024-27348"}, "references": [{"id": "CVE-2024-27348", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-27348"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "HugeGraph-Server", "due_date": "2024-10-09", "date_added": "2024-09-18", "vendorProject": "Apache", "vulnerabilityName": "Apache HugeGraph-Server Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f7a8a45d-597e-429a-9fc6-3f6d2c2f09b9", "vulnerability": {"vulnId": "CVE-2013-0648", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-17T00:00:00+00:00"}, "gcve": {"object_uuid": "f7a8a45d-597e-429a-9fc6-3f6d2c2f09b9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Code Execution Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player contains an unspecified vulnerability in the ExternalInterface ActionScript functionality that allows a remote attacker to execute arbitrary code via crafted SWF content. | Required action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product. | Due date: 2024-10-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2013-0648"}, "references": [{"id": "CVE-2013-0648", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-0648"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2024-10-08", "date_added": "2024-09-17", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a40f51ca-f60c-4d4f-8535-b77305a28001", "vulnerability": {"vulnId": "CVE-2013-0643", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-17T00:00:00+00:00"}, "gcve": {"object_uuid": "a40f51ca-f60c-4d4f-8535-b77305a28001", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Incorrect Default Permissions Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player contains an incorrect default permissions vulnerability in the Firefox sandbox that allows a remote attacker to execute arbitrary code via crafted SWF content.  | Required action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product. | Due date: 2024-10-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2013-0643"}, "references": [{"id": "CVE-2013-0643", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-0643"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2024-10-08", "date_added": "2024-09-17", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Incorrect Default Permissions Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "07a01cb7-2301-43ae-b969-787a8a31fadc", "vulnerability": {"vulnId": "CVE-2014-0497", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-17T00:00:00+00:00"}, "gcve": {"object_uuid": "07a01cb7-2301-43ae-b969-787a8a31fadc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Integer Underflow Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player contains an integer underflow vulnerability that allows a remote attacker to execute arbitrary code. | Required action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product. | Due date: 2024-10-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2014-0497"}, "references": [{"id": "CVE-2014-0497", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-0497"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-191"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2024-10-08", "date_added": "2024-09-17", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Integer Underflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "aa243777-5c8e-4619-9721-5c47968446d0", "vulnerability": {"vulnId": "CVE-2014-0502", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-17T00:00:00+00:00"}, "gcve": {"object_uuid": "aa243777-5c8e-4619-9721-5c47968446d0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Double Free Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player contains a double free vulnerability that allows a remote attacker to execute arbitrary code. | Required action: The impacted product is end-of-life (EoL) and/or end-of-service (EoS). Users should discontinue utilization of the product. | Due date: 2024-10-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.adobe.com/products/flashplayer/end-of-life-alternative.html#eol-alternative-faq ; https://nvd.nist.gov/vuln/detail/CVE-2014-0502"}, "references": [{"id": "CVE-2014-0502", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-0502"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-399"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2024-10-08", "date_added": "2024-09-17", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Double Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d1c5628a-2c43-4149-930d-28e6f1a3a20d", "vulnerability": {"vulnId": "CVE-2024-43461", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-16T00:00:00+00:00"}, "gcve": {"object_uuid": "d1c5628a-2c43-4149-930d-28e6f1a3a20d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-16T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows MSHTML Platform Spoofing Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows MSHTML Platform contains a user interface (UI) misrepresentation of critical information vulnerability that allows an attacker to spoof a web page. This vulnerability was exploited in conjunction with CVE-2024-38112. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43461 ; https://nvd.nist.gov/vuln/detail/CVE-2024-43461"}, "references": [{"id": "CVE-2024-43461", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-43461"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-451"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-10-07", "date_added": "2024-09-16", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows MSHTML Platform Spoofing Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "46dcdbb6-3332-45a4-9e0f-0d166483c857", "vulnerability": {"vulnId": "CVE-2024-6670", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-16T00:00:00+00:00"}, "gcve": {"object_uuid": "46dcdbb6-3332-45a4-9e0f-0d166483c857", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-16T00:00:00Z"}, "scope": {"notes": "KEV entry: Progress WhatsUp Gold SQL Injection Vulnerability | Affected: Progress / WhatsUp Gold | Description: Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-07 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024 ; https://nvd.nist.gov/vuln/detail/CVE-2024-6670"}, "references": [{"id": "CVE-2024-6670", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-6670"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WhatsUp Gold", "due_date": "2024-10-07", "date_added": "2024-09-16", "vendorProject": "Progress", "vulnerabilityName": "Progress WhatsUp Gold SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "6a363d91-a185-4437-93b3-1545e65af4e7", "vulnerability": {"vulnId": "CVE-2024-8190", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-13T00:00:00+00:00"}, "gcve": {"object_uuid": "6a363d91-a185-4437-93b3-1545e65af4e7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Cloud Services Appliance OS Command Injection Vulnerability | Affected: Ivanti / Cloud Services Appliance | Description: Ivanti Cloud Services Appliance (CSA) contains an OS command injection vulnerability in the administrative console which can allow an authenticated attacker with application admin privileges to pass commands to the underlying OS. | Required action: As Ivanti CSA has reached End-of-Life status, users are urged to remove CSA 4.6.x from service or upgrade to the 5.0.x line of supported solutions, as future vulnerabilities on the 4.6.x version of CSA are unlikely to receive future security updates. | Due date: 2024-10-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190; https://nvd.nist.gov/vuln/detail/CVE-2024-8190"}, "references": [{"id": "CVE-2024-8190", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-8190"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Cloud Services Appliance", "due_date": "2024-10-04", "date_added": "2024-09-13", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Cloud Services Appliance OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b40317e0-827e-49f6-9d88-4c6df33e8ca4", "vulnerability": {"vulnId": "CVE-2024-38014", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-10T00:00:00+00:00"}, "gcve": {"object_uuid": "b40317e0-827e-49f6-9d88-4c6df33e8ca4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Installer Improper Privilege Management Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Installer contains an improper privilege management vulnerability that could allow an attacker to gain SYSTEM privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38014; https://nvd.nist.gov/vuln/detail/CVE-2024-38014"}, "references": [{"id": "CVE-2024-38014", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-38014"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-10-01", "date_added": "2024-09-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Installer Improper Privilege Management Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "90d730d2-db0a-40f2-9804-cc8b774af21d", "vulnerability": {"vulnId": "CVE-2024-38217", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-10T00:00:00+00:00"}, "gcve": {"object_uuid": "90d730d2-db0a-40f2-9804-cc8b774af21d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Mark of the Web (MOTW) contains a protection mechanism failure vulnerability that allows an attacker to bypass MOTW-based defenses. This can result in a limited loss of integrity and availability of security features such as Protected View in Microsoft Office, which rely on MOTW tagging. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38217; https://nvd.nist.gov/vuln/detail/CVE-2024-38217"}, "references": [{"id": "CVE-2024-38217", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-38217"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-693"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-10-01", "date_added": "2024-09-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Mark of the Web (MOTW) Protection Mechanism Failure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "798f0bec-7044-4d0b-ad08-cfeb2a325c2c", "vulnerability": {"vulnId": "CVE-2024-38226", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-10T00:00:00+00:00"}, "gcve": {"object_uuid": "798f0bec-7044-4d0b-ad08-cfeb2a325c2c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Publisher Protection Mechanism Failure Vulnerability | Affected: Microsoft / Publisher | Description: Microsoft Publisher contains a protection mechanism failure vulnerability that allows attacker to bypass Office macro policies used to block untrusted or malicious files. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-10-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38226; https://nvd.nist.gov/vuln/detail/CVE-2024-38226"}, "references": [{"id": "CVE-2024-38226", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-38226"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-693"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Publisher", "due_date": "2024-10-01", "date_added": "2024-09-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Publisher Protection Mechanism Failure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "01044f81-c94c-457c-ac75-a2864ed88968", "vulnerability": {"vulnId": "CVE-2024-40766", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-09T00:00:00+00:00"}, "gcve": {"object_uuid": "01044f81-c94c-457c-ac75-a2864ed88968", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-09T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall SonicOS Improper Access Control Vulnerability | Affected: SonicWall / SonicOS | Description: SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-30 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015; https://www.sonicwall.com/support/notices/gen-7-and-newer-sonicwall-firewalls-sslvpn-recent-threat-activity/kA1VN0000000RDG0A2 ; https://nvd.nist.gov/vuln/detail/CVE-2024-40766"}, "references": [{"id": "CVE-2024-40766", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-40766"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SonicOS", "due_date": "2024-09-30", "date_added": "2024-09-09", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall SonicOS Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "94a87d91-f9f4-4918-846a-7e551dd2363c", "vulnerability": {"vulnId": "CVE-2017-1000253", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-09T00:00:00+00:00"}, "gcve": {"object_uuid": "94a87d91-f9f4-4918-846a-7e551dd2363c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel PIE Stack Buffer Corruption Vulnerability  | Affected: Linux / Kernel | Description: Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_binary() that allows a local attacker to escalate privileges.  | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-30 | Known ransomware campaign use (KEV): Known | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a87938b2e246b81b4fb713edb371a9fa3c5c3c86; https://nvd.nist.gov/vuln/detail/CVE-2017-1000253"}, "references": [{"id": "CVE-2017-1000253", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-1000253"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2024-09-30", "date_added": "2024-09-09", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel PIE Stack Buffer Corruption Vulnerability ", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "b941d9f0-dec9-4c54-ae27-acf53d9c8496", "vulnerability": {"vulnId": "CVE-2016-3714", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-09T00:00:00+00:00"}, "gcve": {"object_uuid": "b941d9f0-dec9-4c54-ae27-acf53d9c8496", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-09T00:00:00Z"}, "scope": {"notes": "KEV entry: ImageMagick Improper Input Validation Vulnerability | Affected: ImageMagick / ImageMagick | Description: ImageMagick contains an improper input validation vulnerability that affects the EPHEMERAL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, and PLT coders. This allows a remote attacker to execute arbitrary code via shell metacharacters in a crafted image. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588#p132726, https://imagemagick.org/archive/releases/; https://nvd.nist.gov/vuln/detail/CVE-2016-3714"}, "references": [{"id": "CVE-2016-3714", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-3714"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ImageMagick", "due_date": "2024-09-30", "date_added": "2024-09-09", "vendorProject": "ImageMagick", "vulnerabilityName": "ImageMagick Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d5a88f2c-23b2-4110-a813-8c6267c63fe5", "vulnerability": {"vulnId": "CVE-2024-7262", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d5a88f2c-23b2-4110-a813-8c6267c63fe5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Kingsoft WPS Office Path Traversal Vulnerability | Affected: Kingsoft / WPS Office | Description: Kingsoft WPS Office contains a path traversal vulnerability in promecefpluginhost.exe on Windows that allows an attacker to load an arbitrary Windows library. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): While CISA cannot confirm the effectiveness of patches at this time, it is recommended that mitigations be applied per vendor instructions if available. If these instructions cannot be located or if mitigations are unavailable, discontinue the use of the product.;   https://nvd.nist.gov/vuln/detail/CVE-2024-7262"}, "references": [{"id": "CVE-2024-7262", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-7262"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WPS Office", "due_date": "2024-09-24", "date_added": "2024-09-03", "vendorProject": "Kingsoft", "vulnerabilityName": "Kingsoft WPS Office Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4dc64d78-4417-4bd2-b473-bd8413c80b7a", "vulnerability": {"vulnId": "CVE-2021-20124", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4dc64d78-4417-4bd2-b473-bd8413c80b7a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Draytek VigorConnect Path Traversal Vulnerability  | Affected: DrayTek / VigorConnect | Description: Draytek VigorConnect contains a path traversal vulnerability in the file download functionality of the WebServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.draytek.com/about/security-advisory/vigorconnect-software-security-vulnerability-(cve-2021-20123-cve-2021-20129); https://nvd.nist.gov/vuln/detail/CVE-2021-20124"}, "references": [{"id": "CVE-2021-20124", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-20124"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "VigorConnect", "due_date": "2024-09-24", "date_added": "2024-09-03", "vendorProject": "DrayTek", "vulnerabilityName": "Draytek VigorConnect Path Traversal Vulnerability ", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2871ee5c-9b11-4406-902b-2637ecee16c5", "vulnerability": {"vulnId": "CVE-2021-20123", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-09-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2871ee5c-9b11-4406-902b-2637ecee16c5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-09-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-09-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Draytek VigorConnect Path Traversal Vulnerability  | Affected: DrayTek / VigorConnect | Description: Draytek VigorConnect contains a path traversal vulnerability in the DownloadFileServlet endpoint. An unauthenticated attacker could leverage this vulnerability to download arbitrary files from the underlying operating system with root privileges.  | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.draytek.com/about/security-advisory/vigorconnect-software-security-vulnerability-(cve-2021-20123-cve-2021-20129); https://nvd.nist.gov/vuln/detail/CVE-2021-20123"}, "references": [{"id": "CVE-2021-20123", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-20123"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "VigorConnect", "due_date": "2024-09-24", "date_added": "2024-09-03", "vendorProject": "DrayTek", "vulnerabilityName": "Draytek VigorConnect Path Traversal Vulnerability ", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ff105c32-9369-4cd3-85bf-2e2277f5a831", "vulnerability": {"vulnId": "CVE-2024-7965", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-28T00:00:00+00:00"}, "gcve": {"object_uuid": "ff105c32-9369-4cd3-85bf-2e2277f5a831", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Inappropriate Implementation Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html; https://nvd.nist.gov/vuln/detail/CVE-2024-7965"}, "references": [{"id": "CVE-2024-7965", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-7965"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-358"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2024-09-18", "date_added": "2024-08-28", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Inappropriate Implementation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4645e397-736b-45b9-b691-2ec5c8a89595", "vulnerability": {"vulnId": "CVE-2024-38856", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-27T00:00:00+00:00"}, "gcve": {"object_uuid": "4645e397-736b-45b9-b691-2ec5c8a89595", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-27T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-27T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache OFBiz Incorrect Authorization Vulnerability | Affected: Apache / OFBiz | Description: Apache OFBiz contains an incorrect authorization vulnerability that could allow remote code execution via a Groovy payload in the context of the OFBiz user process by an unauthenticated attacker. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://lists.apache.org/thread/olxxjk6b13sl3wh9cmp0k2dscvp24l7w; https://nvd.nist.gov/vuln/detail/CVE-2024-38856"}, "references": [{"id": "CVE-2024-38856", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-38856"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-863"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "OFBiz", "due_date": "2024-09-17", "date_added": "2024-08-27", "vendorProject": "Apache", "vulnerabilityName": "Apache OFBiz Incorrect Authorization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9249982c-d874-42e8-b08b-94b165cc561e", "vulnerability": {"vulnId": "CVE-2024-7971", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-26T00:00:00+00:00"}, "gcve": {"object_uuid": "9249982c-d874-42e8-b08b-94b165cc561e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-26T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-26T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html; https://nvd.nist.gov/vuln/detail/CVE-2024-7971"}, "references": [{"id": "CVE-2024-7971", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-7971"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2024-09-16", "date_added": "2024-08-26", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ce826ec3-906e-48a5-98c7-b548692c68d9", "vulnerability": {"vulnId": "CVE-2024-39717", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-23T00:00:00+00:00"}, "gcve": {"object_uuid": "ce826ec3-906e-48a5-98c7-b548692c68d9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Versa Director Dangerous File Type Upload Vulnerability | Affected: Versa / Director | Description: The Versa Director GUI contains an unrestricted upload of file with dangerous type vulnerability that allows administrators with Provider-Data-Center-Admin or Provider-Data-Center-System-Admin privileges to customize the user interface. The \u201cChange Favicon\u201d (Favorite Icon) enables the upload of a .png file, which can be exploited to upload a malicious file with a .png extension disguised as an image. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/;   https://nvd.nist.gov/vuln/detail/CVE-2024-39717"}, "references": [{"id": "CVE-2024-39717", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-39717"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Director", "due_date": "2024-09-13", "date_added": "2024-08-23", "vendorProject": "Versa", "vulnerabilityName": "Versa Director Dangerous File Type Upload Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "92214201-0c47-4ca3-8db8-1be3d1638c79", "vulnerability": {"vulnId": "CVE-2021-33045", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-21T00:00:00+00:00"}, "gcve": {"object_uuid": "92214201-0c47-4ca3-8db8-1be3d1638c79", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Dahua IP Camera Authentication Bypass Vulnerability | Affected: Dahua / IP Camera Firmware | Description: Dahua IP cameras and related products contain an authentication bypass vulnerability when the loopback device is specified by the client during authentication. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-11 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.dahuasecurity.com/aboutUs/trustedCenter/details/582; https://nvd.nist.gov/vuln/detail/CVE-2021-33045"}, "references": [{"id": "CVE-2021-33045", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-33045"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IP Camera Firmware", "due_date": "2024-09-11", "date_added": "2024-08-21", "vendorProject": "Dahua", "vulnerabilityName": "Dahua IP Camera Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b0761058-0071-40eb-b71d-8cfad0debfbb", "vulnerability": {"vulnId": "CVE-2021-31196", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-21T00:00:00+00:00"}, "gcve": {"object_uuid": "b0761058-0071-40eb-b71d-8cfad0debfbb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Exchange Server Information Disclosure Vulnerability | Affected: Microsoft / Exchange Server | Description: Microsoft Exchange Server contains an information disclosure vulnerability that allows for remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-11 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2021-31196; https://nvd.nist.gov/vuln/detail/CVE-2021-31196"}, "references": [{"id": "CVE-2021-31196", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-31196"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exchange Server", "due_date": "2024-09-11", "date_added": "2024-08-21", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Exchange Server Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3553d037-288c-4e32-bd9a-0178723e6db0", "vulnerability": {"vulnId": "CVE-2022-0185", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-21T00:00:00+00:00"}, "gcve": {"object_uuid": "3553d037-288c-4e32-bd9a-0178723e6db0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Heap-Based Buffer Overflow Vulnerability | Affected: Linux / Kernel | Description: Linux kernel contains a heap-based buffer overflow vulnerability in the legacy_parse_param function in the Filesystem Context functionality. This allows an attacker to open a filesystem that does not support the Filesystem Context API and ultimately escalate privileges. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable. | Due date: 2024-09-11 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=722d94847de2; https://nvd.nist.gov/vuln/detail/CVE-2022-0185"}, "references": [{"id": "CVE-2022-0185", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-0185"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-190"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2024-09-11", "date_added": "2024-08-21", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Heap-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "dce997bc-ff11-4f87-93e5-2cd019df0a91", "vulnerability": {"vulnId": "CVE-2021-33044", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-21T00:00:00+00:00"}, "gcve": {"object_uuid": "dce997bc-ff11-4f87-93e5-2cd019df0a91", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Dahua IP Camera Authentication Bypass Vulnerability | Affected: Dahua / IP Camera Firmware | Description: Dahua IP cameras and related products contain an authentication bypass vulnerability when the NetKeyboard type argument is specified by the client during authentication. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-11 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.dahuasecurity.com/aboutUs/trustedCenter/details/582; https://nvd.nist.gov/vuln/detail/CVE-2021-33044"}, "references": [{"id": "CVE-2021-33044", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-33044"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IP Camera Firmware", "due_date": "2024-09-11", "date_added": "2024-08-21", "vendorProject": "Dahua", "vulnerabilityName": "Dahua IP Camera Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a123c8e0-d881-4681-aa01-7635ba448bdf", "vulnerability": {"vulnId": "CVE-2024-23897", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-19T00:00:00+00:00"}, "gcve": {"object_uuid": "a123c8e0-d881-4681-aa01-7635ba448bdf", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-19T00:00:00Z"}, "scope": {"notes": "KEV entry: Jenkins Command Line Interface (CLI) Path Traversal Vulnerability | Affected: Jenkins / Jenkins Command Line Interface (CLI) | Description: Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-09 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314; https://nvd.nist.gov/vuln/detail/CVE-2024-23897"}, "references": [{"id": "CVE-2024-23897", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-23897"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-27"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Jenkins Command Line Interface (CLI)", "due_date": "2024-09-09", "date_added": "2024-08-19", "vendorProject": "Jenkins", "vulnerabilityName": "Jenkins Command Line Interface (CLI) Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "8c25169b-2933-442f-9966-61d3feb84bff", "vulnerability": {"vulnId": "CVE-2024-28986", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-15T00:00:00+00:00"}, "gcve": {"object_uuid": "8c25169b-2933-442f-9966-61d3feb84bff", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-15T00:00:00Z"}, "scope": {"notes": "KEV entry: SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability | Affected: SolarWinds / Web Help Desk | Description: SolarWinds Web Help Desk contains a deserialization of untrusted data vulnerability that could allow for remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28986; https://nvd.nist.gov/vuln/detail/CVE-2024-28986"}, "references": [{"id": "CVE-2024-28986", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-28986"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Web Help Desk", "due_date": "2024-09-05", "date_added": "2024-08-15", "vendorProject": "SolarWinds", "vulnerabilityName": "SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "adaca0de-1db8-4424-a507-5a9756c2b772", "vulnerability": {"vulnId": "CVE-2024-38107", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-13T00:00:00+00:00"}, "gcve": {"object_uuid": "adaca0de-1db8-4424-a507-5a9756c2b772", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Power Dependency Coordinator contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to obtain SYSTEM privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38107; https://nvd.nist.gov/vuln/detail/CVE-2024-38107"}, "references": [{"id": "CVE-2024-38107", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-38107"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-09-03", "date_added": "2024-08-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Power Dependency Coordinator Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0d5246b9-82ca-48c1-9073-002c73cefde7", "vulnerability": {"vulnId": "CVE-2024-38213", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-13T00:00:00+00:00"}, "gcve": {"object_uuid": "0d5246b9-82ca-48c1-9073-002c73cefde7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience via a malicious file. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38213; https://nvd.nist.gov/vuln/detail/CVE-2024-38213"}, "references": [{"id": "CVE-2024-38213", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-38213"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-693"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-09-03", "date_added": "2024-08-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows SmartScreen Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8e3211ea-4fa2-4020-80f2-d75ba50f290c", "vulnerability": {"vulnId": "CVE-2024-38106", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-13T00:00:00+00:00"}, "gcve": {"object_uuid": "8e3211ea-4fa2-4020-80f2-d75ba50f290c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Kernel Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Kernel contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. Successful exploitation of this vulnerability requires an attacker to win a race condition. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38106; https://nvd.nist.gov/vuln/detail/CVE-2024-38106"}, "references": [{"id": "CVE-2024-38106", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-38106"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-591"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-09-03", "date_added": "2024-08-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "062f6323-a330-4bba-a9f4-b9a1f43ff238", "vulnerability": {"vulnId": "CVE-2024-38178", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-13T00:00:00+00:00"}, "gcve": {"object_uuid": "062f6323-a330-4bba-a9f4-b9a1f43ff238", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Scripting Engine Memory Corruption Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Scripting Engine contains a memory corruption vulnerability that allows unauthenticated attacker to initiate remote code execution via a specially crafted URL. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38178; https://nvd.nist.gov/vuln/detail/CVE-2024-38178"}, "references": [{"id": "CVE-2024-38178", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-38178"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-09-03", "date_added": "2024-08-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Scripting Engine Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a4b726ad-4b46-498e-973f-ace63a45a9cf", "vulnerability": {"vulnId": "CVE-2024-38193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-13T00:00:00+00:00"}, "gcve": {"object_uuid": "a4b726ad-4b46-498e-973f-ace63a45a9cf", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Ancillary Function Driver for WinSock contains an unspecified vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38193; https://nvd.nist.gov/vuln/detail/CVE-2024-38193"}, "references": [{"id": "CVE-2024-38193", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-38193"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-09-03", "date_added": "2024-08-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Ancillary Function Driver for WinSock Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7a63523c-8f5f-4a5d-b2cc-27cea4a64050", "vulnerability": {"vulnId": "CVE-2024-38189", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-13T00:00:00+00:00"}, "gcve": {"object_uuid": "7a63523c-8f5f-4a5d-b2cc-27cea4a64050", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Project Remote Code Execution Vulnerability  | Affected: Microsoft / Project | Description: Microsoft Project contains an unspecified vulnerability that allows for remote code execution via a malicious file. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-09-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38189; https://nvd.nist.gov/vuln/detail/CVE-2024-38189"}, "references": [{"id": "CVE-2024-38189", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-38189"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Project", "due_date": "2024-09-03", "date_added": "2024-08-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Project Remote Code Execution Vulnerability ", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "80dc021f-179d-40d6-aeb8-19482aa8585d", "vulnerability": {"vulnId": "CVE-2024-32113", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-07T00:00:00+00:00"}, "gcve": {"object_uuid": "80dc021f-179d-40d6-aeb8-19482aa8585d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache OFBiz Path Traversal Vulnerability | Affected: Apache / OFBiz | Description: Apache OFBiz contains a path traversal vulnerability that could allow for remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-08-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://lists.apache.org/thread/w6s60okgkxp2th1sr8vx0ndmgk68fqrd; https://nvd.nist.gov/vuln/detail/CVE-2024-32113"}, "references": [{"id": "CVE-2024-32113", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-32113"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "OFBiz", "due_date": "2024-08-28", "date_added": "2024-08-07", "vendorProject": "Apache", "vulnerabilityName": "Apache OFBiz Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "aac91036-d01c-4510-af88-5958708ad6a9", "vulnerability": {"vulnId": "CVE-2024-36971", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-07T00:00:00+00:00"}, "gcve": {"object_uuid": "aac91036-d01c-4510-af88-5958708ad6a9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Android Kernel Remote Code Execution Vulnerability | Affected: Android / Kernel | Description: Android contains an unspecified vulnerability in the kernel that allows for remote code execution. This vulnerability resides in Linux Kernel and could impact other products, including but not limited to Android OS. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-08-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see:   https://source.android.com/docs/security/bulletin/2024-08-01,  https://lore.kernel.org/linux-cve-announce/20240610090330.1347021-2-lee@kernel.org/T/#u ; https://nvd.nist.gov/vuln/detail/CVE-2024-36971"}, "references": [{"id": "CVE-2024-36971", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-36971"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2024-08-28", "date_added": "2024-08-07", "vendorProject": "Android", "vulnerabilityName": "Android Kernel Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "54bafb2a-eac0-42b4-a8b7-66b5013a8321", "vulnerability": {"vulnId": "CVE-2018-0824", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-08-05T00:00:00+00:00"}, "gcve": {"object_uuid": "54bafb2a-eac0-42b4-a8b7-66b5013a8321", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-08-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-08-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability | Affected: Microsoft / Windows | Description: Microsoft COM for Windows contains a deserialization of untrusted data vulnerability that allows for privilege escalation and remote code execution via a specially crafted file or script. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-08-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2018-0824; https://nvd.nist.gov/vuln/detail/CVE-2018-0824"}, "references": [{"id": "CVE-2018-0824", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0824"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-08-26", "date_added": "2024-08-05", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "08dccffe-9ce0-49c5-b0df-5c1b2f91d794", "vulnerability": {"vulnId": "CVE-2024-37085", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-30T00:00:00+00:00"}, "gcve": {"object_uuid": "08dccffe-9ce0-49c5-b0df-5c1b2f91d794", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-07-30T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware ESXi Authentication Bypass Vulnerability | Affected: VMware / ESXi | Description: VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-08-20 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24505;   https://nvd.nist.gov/vuln/detail/CVE-2024-37085"}, "references": [{"id": "CVE-2024-37085", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-37085"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-305"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ESXi", "due_date": "2024-08-20", "date_added": "2024-07-30", "vendorProject": "VMware", "vulnerabilityName": "VMware ESXi Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "76aa267b-0f79-464b-8188-448d33660cfb", "vulnerability": {"vulnId": "CVE-2024-5217", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-29T00:00:00+00:00"}, "gcve": {"object_uuid": "76aa267b-0f79-464b-8188-448d33660cfb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-07-29T00:00:00Z"}, "scope": {"notes": "KEV entry: ServiceNow Incomplete List of Disallowed Inputs Vulnerability | Affected: ServiceNow / Utah, Vancouver, and Washington DC Now Platform | Description: ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-08-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313; https://nvd.nist.gov/vuln/detail/CVE-2024-5217"}, "references": [{"id": "CVE-2024-5217", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-5217"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-184"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Utah, Vancouver, and Washington DC Now Platform", "due_date": "2024-08-19", "date_added": "2024-07-29", "vendorProject": "ServiceNow", "vulnerabilityName": "ServiceNow Incomplete List of Disallowed Inputs Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "79a31a14-ef9e-4e7a-9a2d-4fd1ff149bc0", "vulnerability": {"vulnId": "CVE-2024-4879", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-29T00:00:00+00:00"}, "gcve": {"object_uuid": "79a31a14-ef9e-4e7a-9a2d-4fd1ff149bc0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-07-29T00:00:00Z"}, "scope": {"notes": "KEV entry: ServiceNow Improper Input Validation Vulnerability | Affected: ServiceNow / Utah, Vancouver, and Washington DC Now Platform | Description: ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.  | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-08-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154; https://nvd.nist.gov/vuln/detail/CVE-2024-4879"}, "references": [{"id": "CVE-2024-4879", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-4879"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-1287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Utah, Vancouver, and Washington DC Now Platform", "due_date": "2024-08-19", "date_added": "2024-07-29", "vendorProject": "ServiceNow", "vulnerabilityName": "ServiceNow Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d8e8bf1d-fb93-4931-9c24-0b98117448b6", "vulnerability": {"vulnId": "CVE-2023-45249", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-29T00:00:00+00:00"}, "gcve": {"object_uuid": "d8e8bf1d-fb93-4931-9c24-0b98117448b6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-07-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability | Affected: Acronis / Cyber Infrastructure (ACI) | Description: Acronis Cyber Infrastructure (ACI) allows an unauthenticated user to execute commands remotely due to the use of default passwords. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-08-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security-advisory.acronis.com/advisories/SEC-6452;  https://nvd.nist.gov/vuln/detail/CVE-2023-45249"}, "references": [{"id": "CVE-2023-45249", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-45249"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-1393"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Cyber Infrastructure (ACI)", "due_date": "2024-08-19", "date_added": "2024-07-29", "vendorProject": "Acronis", "vulnerabilityName": "Acronis Cyber Infrastructure (ACI) Insecure Default Password Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2e06c057-203e-4bea-bcb9-14cb29ca06c8", "vulnerability": {"vulnId": "CVE-2012-4792", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-23T00:00:00+00:00"}, "gcve": {"object_uuid": "2e06c057-203e-4bea-bcb9-14cb29ca06c8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-07-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Use-After-Free Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains a use-after-free vulnerability that allows a remote attacker to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2024-08-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://learn.microsoft.com/en-us/lifecycle/products/internet-explorer-11; https://nvd.nist.gov/vuln/detail/CVE-2012-4792"}, "references": [{"id": "CVE-2012-4792", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-4792"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2024-08-13", "date_added": "2024-07-23", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7d0e47d0-8904-44c8-af55-7e1f0024cba4", "vulnerability": {"vulnId": "CVE-2024-39891", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-23T00:00:00+00:00"}, "gcve": {"object_uuid": "7d0e47d0-8904-44c8-af55-7e1f0024cba4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-07-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Twilio Authy Information Disclosure Vulnerability | Affected: Twilio / Authy | Description: Twilio Authy contains an information disclosure vulnerability in its API that allows an unauthenticated endpoint to accept a request containing a phone number and respond with information about whether the phone number was registered with Authy. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-08-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.twilio.com/en-us/changelog/Security_Alert_Authy_App_Android_iOS; https://nvd.nist.gov/vuln/detail/CVE-2024-39891"}, "references": [{"id": "CVE-2024-39891", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-39891"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-203"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Authy", "due_date": "2024-08-13", "date_added": "2024-07-23", "vendorProject": "Twilio", "vulnerabilityName": "Twilio Authy Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bc0d12b9-dcac-429d-b23d-8261d773156e", "vulnerability": {"vulnId": "CVE-2022-22948", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-17T00:00:00+00:00"}, "gcve": {"object_uuid": "bc0d12b9-dcac-429d-b23d-8261d773156e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-07-17T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware vCenter Server Incorrect Default File Permissions Vulnerability  | Affected: VMware / vCenter Server | Description: VMware vCenter Server contains an incorrect default file permissions vulnerability that allows a remote, privileged attacker to gain access to sensitive information. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-08-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.vmware.com/security/advisories/VMSA-2022-0009.html;  https://nvd.nist.gov/vuln/detail/CVE-2022-22948"}, "references": [{"id": "CVE-2022-22948", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22948"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-276"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vCenter Server", "due_date": "2024-08-07", "date_added": "2024-07-17", "vendorProject": "VMware", "vulnerabilityName": "VMware vCenter Server Incorrect Default File Permissions Vulnerability ", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "66f2010c-d45e-4f01-b0a2-0df0e7189024", "vulnerability": {"vulnId": "CVE-2024-34102", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-17T00:00:00+00:00"}, "gcve": {"object_uuid": "66f2010c-d45e-4f01-b0a2-0df0e7189024", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-07-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability | Affected: Adobe / Commerce and Magento Open Source | Description: Adobe Commerce and Magento Open Source contain an improper restriction of XML external entity reference (XXE) vulnerability that allows for remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-08-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://helpx.adobe.com/security/products/magento/apsb24-40.html;  https://nvd.nist.gov/vuln/detail/CVE-2024-34102"}, "references": [{"id": "CVE-2024-34102", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-34102"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-611"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Commerce and Magento Open Source", "due_date": "2024-08-07", "date_added": "2024-07-17", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f4e9cd2e-7f5d-40cc-be82-4adb4a778f75", "vulnerability": {"vulnId": "CVE-2024-28995", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-17T00:00:00+00:00"}, "gcve": {"object_uuid": "f4e9cd2e-7f5d-40cc-be82-4adb4a778f75", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-07-17T00:00:00Z"}, "scope": {"notes": "KEV entry: SolarWinds Serv-U Path Traversal Vulnerability  | Affected: SolarWinds / Serv-U | Description: SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-08-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.solarwinds.com/trust-center/security-advisories/cve-2024-28995; https://nvd.nist.gov/vuln/detail/CVE-2024-28995"}, "references": [{"id": "CVE-2024-28995", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-28995"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Serv-U", "due_date": "2024-08-07", "date_added": "2024-07-17", "vendorProject": "SolarWinds", "vulnerabilityName": "SolarWinds Serv-U Path Traversal Vulnerability ", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4e0d0a73-e794-4257-8cd4-2a62c728ad41", "vulnerability": {"vulnId": "CVE-2024-36401", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-15T00:00:00+00:00"}, "gcve": {"object_uuid": "4e0d0a73-e794-4257-8cd4-2a62c728ad41", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-07-15T00:00:00Z"}, "scope": {"notes": "KEV entry: OSGeo GeoServer GeoTools Eval Injection Vulnerability | Affected: OSGeo / GeoServer | Description: OSGeo GeoServer GeoTools contains an improper neutralization of directives in dynamically evaluated code vulnerability due to unsafely evaluating property names as XPath expressions. This allows unauthenticated attackers to conduct remote code execution via specially crafted input. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-08-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects an open-source component, third-party library, or a protocol used by different products. For more information, please see: https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv, https://github.com/geotools/geotools/pull/4797 ;   https://nvd.nist.gov/vuln/detail/CVE-2024-36401"}, "references": [{"id": "CVE-2024-36401", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-36401"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-95"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "GeoServer", "due_date": "2024-08-05", "date_added": "2024-07-15", "vendorProject": "OSGeo", "vulnerabilityName": "OSGeo GeoServer GeoTools Eval Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bfd3e2b5-731a-49a7-b2a9-33f951c63267", "vulnerability": {"vulnId": "CVE-2024-38112", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-09T00:00:00+00:00"}, "gcve": {"object_uuid": "bfd3e2b5-731a-49a7-b2a9-33f951c63267", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-07-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows MSHTML Platform Spoofing Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows MSHTML Platform contains a spoofing vulnerability that has a high impact to confidentiality, integrity, and availability. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-07-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38112; https://nvd.nist.gov/vuln/detail/CVE-2024-38112"}, "references": [{"id": "CVE-2024-38112", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-38112"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-451"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-07-30", "date_added": "2024-07-09", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows MSHTML Platform Spoofing Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "06724f64-88ab-4a83-a881-cf87bd7d3487", "vulnerability": {"vulnId": "CVE-2024-23692", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-09T00:00:00+00:00"}, "gcve": {"object_uuid": "06724f64-88ab-4a83-a881-cf87bd7d3487", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-07-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability | Affected: Rejetto / HTTP File Server | Description: Rejetto HTTP File Server contains an improper neutralization of special elements used in a template engine vulnerability. This allows a remote, unauthenticated attacker to execute commands on the affected system by sending a specially crafted HTTP request. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-07-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): The patched Rejetto HTTP File Server (HFS) is version 3: https://github.com/rejetto/hfs?tab=readme-ov-file#installation, https://www.rejetto.com/hfs/ ;   https://nvd.nist.gov/vuln/detail/CVE-2024-23692"}, "references": [{"id": "CVE-2024-23692", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-23692"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-1336"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "HTTP File Server", "due_date": "2024-07-30", "date_added": "2024-07-09", "vendorProject": "Rejetto", "vulnerabilityName": "Rejetto HTTP File Server Improper Neutralization of Special Elements Used in a Template Engine Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d0b97027-0033-4b95-9b6b-e19f2ffeed0b", "vulnerability": {"vulnId": "CVE-2024-38080", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-09T00:00:00+00:00"}, "gcve": {"object_uuid": "d0b97027-0033-4b95-9b6b-e19f2ffeed0b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-07-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Hyper-V Privilege Escalation Vulnerability | Affected: Microsoft / Windows  | Description: Microsoft Windows Hyper-V contains a privilege escalation vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-07-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-38080; https://nvd.nist.gov/vuln/detail/CVE-2024-38080"}, "references": [{"id": "CVE-2024-38080", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-38080"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-190"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows ", "due_date": "2024-07-30", "date_added": "2024-07-09", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Hyper-V Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e9857037-65f8-46e8-ac1c-381fe38f8569", "vulnerability": {"vulnId": "CVE-2024-20399", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-07-02T00:00:00+00:00"}, "gcve": {"object_uuid": "e9857037-65f8-46e8-ac1c-381fe38f8569", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-07-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-07-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco NX-OS Command Injection Vulnerability | Affected: Cisco / NX-OS | Description: Cisco NX-OS contains a command injection vulnerability in the command line interface (CLI) that could allow an authenticated, local attacker to execute commands as root on the underlying operating system of an affected device. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-07-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP;   https://nvd.nist.gov/vuln/detail/CVE-2024-20399"}, "references": [{"id": "CVE-2024-20399", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-20399"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NX-OS", "due_date": "2024-07-23", "date_added": "2024-07-02", "vendorProject": "Cisco", "vulnerabilityName": "Cisco NX-OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c65b0f67-52cb-4bfa-9952-71e3e5f69928", "vulnerability": {"vulnId": "CVE-2022-2586", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "c65b0f67-52cb-4bfa-9952-71e3e5f69928", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-26T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-06-26T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Use-After-Free Vulnerability | Affected: Linux / Kernel | Description: Linux Kernel contains a use-after-free vulnerability in the nft_object, allowing local attackers to escalate privileges.  | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable. | Due date: 2024-07-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. For more information, please see: https://seclists.org/oss-sec/2022/q3/131;  https://nvd.nist.gov/vuln/detail/CVE-2022-2586"}, "references": [{"id": "CVE-2022-2586", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-2586"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2024-07-17", "date_added": "2024-06-26", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9b0268e6-3166-4783-9370-f76ecdecece7", "vulnerability": {"vulnId": "CVE-2020-13965", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "9b0268e6-3166-4783-9370-f76ecdecece7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-26T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-06-26T00:00:00Z"}, "scope": {"notes": "KEV entry: Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability | Affected: Roundcube / Webmail | Description: Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows a remote attacker to manipulate data via a malicious XML attachment. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-07-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://roundcube.net/news/2020/06/02/security-updates-1.4.5-and-1.3.12; https://nvd.nist.gov/vuln/detail/CVE-2020-13965"}, "references": [{"id": "CVE-2020-13965", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-13965"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-80"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Webmail", "due_date": "2024-07-17", "date_added": "2024-06-26", "vendorProject": "Roundcube", "vulnerabilityName": "Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "462d77ea-5213-41fe-8f3b-b1d39c57e400", "vulnerability": {"vulnId": "CVE-2022-24816", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-26T00:00:00+00:00"}, "gcve": {"object_uuid": "462d77ea-5213-41fe-8f3b-b1d39c57e400", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-26T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-06-26T00:00:00Z"}, "scope": {"notes": "KEV entry: OSGeo GeoServer JAI-EXT Code Injection Vulnerability | Affected: OSGeo / JAI-EXT | Description: OSGeo GeoServer JAI-EXT contains a code injection vulnerability that, when programs use jt-jiffle and allow Jiffle script to be provided via network request, could allow remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-07-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. The patched JAI-EXT is version 1.1.22: https://github.com/geosolutions-it/jai-ext/releases/tag/1.1.22, https://github.com/geosolutions-it/jai-ext/security/advisories/GHSA-v92f-jx6p-73rx;  https://nvd.nist.gov/vuln/detail/CVE-2022-24816"}, "references": [{"id": "CVE-2022-24816", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-24816"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "JAI-EXT", "due_date": "2024-07-17", "date_added": "2024-06-26", "vendorProject": "OSGeo", "vulnerabilityName": "OSGeo GeoServer JAI-EXT Code Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a5a9a94c-91fb-49ea-85f7-d63c5f820d82", "vulnerability": {"vulnId": "CVE-2024-26169", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-13T00:00:00+00:00"}, "gcve": {"object_uuid": "a5a9a94c-91fb-49ea-85f7-d63c5f820d82", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-06-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable. | Due date: 2024-07-04 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26169; https://nvd.nist.gov/vuln/detail/CVE-2024-26169"}, "references": [{"id": "CVE-2024-26169", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-26169"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-07-04", "date_added": "2024-06-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "a07ece91-4850-4e4c-bdd0-9b7a3516d257", "vulnerability": {"vulnId": "CVE-2024-4358", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-13T00:00:00+00:00"}, "gcve": {"object_uuid": "a07ece91-4850-4e4c-bdd0-9b7a3516d257", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-06-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability | Affected: Progress / Telerik Report Server | Description: Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-07-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://docs.telerik.com/report-server/knowledge-base/registration-auth-bypass-cve-2024-4358; https://nvd.nist.gov/vuln/detail/CVE-2024-4358"}, "references": [{"id": "CVE-2024-4358", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-4358"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-290"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Telerik Report Server", "due_date": "2024-07-04", "date_added": "2024-06-13", "vendorProject": "Progress", "vulnerabilityName": "Progress Telerik Report Server Authentication Bypass by Spoofing Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "05bba1d4-c37d-4a17-bff6-dff2f6830651", "vulnerability": {"vulnId": "CVE-2024-32896", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-13T00:00:00+00:00"}, "gcve": {"object_uuid": "05bba1d4-c37d-4a17-bff6-dff2f6830651", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-06-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Android Pixel Privilege Escalation Vulnerability | Affected: Android / Pixel | Description: Android Pixel contains an unspecified vulnerability in the firmware that allows for privilege escalation. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-07-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://source.android.com/docs/security/bulletin/pixel/2024-06-01; https://nvd.nist.gov/vuln/detail/CVE-2024-32896"}, "references": [{"id": "CVE-2024-32896", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-32896"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-783"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Pixel", "due_date": "2024-07-04", "date_added": "2024-06-13", "vendorProject": "Android", "vulnerabilityName": "Android Pixel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b61fe924-9487-437e-960d-d4ce0605e994", "vulnerability": {"vulnId": "CVE-2024-4610", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-12T00:00:00+00:00"}, "gcve": {"object_uuid": "b61fe924-9487-437e-960d-d4ce0605e994", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-06-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability | Affected: Arm / Mali GPU Kernel Driver | Description: Arm Bifrost and Valhall GPU kernel drivers contain a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-07-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2024-4610"}, "references": [{"id": "CVE-2024-4610", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-4610"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mali GPU Kernel Driver", "due_date": "2024-07-03", "date_added": "2024-06-12", "vendorProject": "Arm", "vulnerabilityName": "Arm Mali GPU Kernel Driver Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "60e22401-4121-4ad7-aa56-c1016ce371a8", "vulnerability": {"vulnId": "CVE-2024-4577", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-12T00:00:00+00:00"}, "gcve": {"object_uuid": "60e22401-4121-4ad7-aa56-c1016ce371a8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-06-12T00:00:00Z"}, "scope": {"notes": "KEV entry: PHP-CGI OS Command Injection Vulnerability | Affected: PHP Group / PHP | Description: PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-07-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see:  https://www.php.net/ChangeLog-8.php#;   https://nvd.nist.gov/vuln/detail/CVE-2024-4577"}, "references": [{"id": "CVE-2024-4577", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-4577"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PHP", "due_date": "2024-07-03", "date_added": "2024-06-12", "vendorProject": "PHP Group", "vulnerabilityName": "PHP-CGI OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "143f687a-1e49-4246-8875-715d23ee0553", "vulnerability": {"vulnId": "CVE-2017-3506", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-06-03T00:00:00+00:00"}, "gcve": {"object_uuid": "143f687a-1e49-4246-8875-715d23ee0553", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-06-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-06-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle WebLogic Server OS Command Injection Vulnerability | Affected: Oracle / WebLogic Server | Description: Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-06-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.oracle.com/security-alerts/cpuapr2017.html; https://nvd.nist.gov/vuln/detail/CVE-2017-3506"}, "references": [{"id": "CVE-2017-3506", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-3506"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WebLogic Server", "due_date": "2024-06-24", "date_added": "2024-06-03", "vendorProject": "Oracle", "vulnerabilityName": "Oracle WebLogic Server OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "38c886fd-5d10-4dc0-b60f-65d5d1336dcc", "vulnerability": {"vulnId": "CVE-2024-24919", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-30T00:00:00+00:00"}, "gcve": {"object_uuid": "38c886fd-5d10-4dc0-b60f-65d5d1336dcc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-05-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Check Point Quantum Security Gateways Information Disclosure Vulnerability | Affected: Check Point / Quantum Security Gateways | Description: Check Point Quantum Security Gateways contain an unspecified information disclosure vulnerability. The vulnerability potentially allows an attacker to access information on Gateways connected to the internet, with IPSec VPN, Remote Access VPN or Mobile Access enabled. This issue affects several product lines from Check Point, including CloudGuard Network, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark Appliances. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. \n| Due date: 2024-06-20 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://support.checkpoint.com/results/sk/sk182336 ; https://nvd.nist.gov/vuln/detail/CVE-2024-24919"}, "references": [{"id": "CVE-2024-24919", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-24919"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Quantum Security Gateways", "due_date": "2024-06-20", "date_added": "2024-05-30", "vendorProject": "Check Point", "vulnerabilityName": "Check Point Quantum Security Gateways Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "3d1a8d60-f641-4699-8992-9dff1f28b623", "vulnerability": {"vulnId": "CVE-2024-1086", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3d1a8d60-f641-4699-8992-9dff1f28b623", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-05-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Use-After-Free Vulnerability | Affected: Linux / Kernel | Description: Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-06-20 | Known ransomware campaign use (KEV): Known | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660;   https://nvd.nist.gov/vuln/detail/CVE-2024-1086"}, "references": [{"id": "CVE-2024-1086", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-1086"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2024-06-20", "date_added": "2024-05-30", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "9d176767-103d-4f9e-b482-d765fea24103", "vulnerability": {"vulnId": "CVE-2024-4978", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-29T00:00:00+00:00"}, "gcve": {"object_uuid": "9d176767-103d-4f9e-b482-d765fea24103", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-05-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability | Affected: Justice AV Solutions / Viewer  | Description: Justice AV Solutions (JAVS) Viewer installer contains a malicious version of ffmpeg.exe, named fffmpeg.exe (SHA256: 421a4ad2615941b177b6ec4ab5e239c14e62af2ab07c6df1741e2a62223223c4). When run, this creates a backdoor connection to a malicious C2 server. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. \n| Due date: 2024-06-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Please follow the vendor\u2019s instructions as outlined in the public statements at https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack#remediation and https://www.javs.com/downloads;  https://nvd.nist.gov/vuln/detail/CVE-2024-4978"}, "references": [{"id": "CVE-2024-4978", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-4978"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-506"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Viewer ", "due_date": "2024-06-19", "date_added": "2024-05-29", "vendorProject": "Justice AV Solutions", "vulnerabilityName": "Justice AV Solutions (JAVS) Viewer Installer Embedded Malicious Code Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "25fff3cd-1069-4937-9f78-a1b22b2fcf3c", "vulnerability": {"vulnId": "CVE-2024-5274", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-28T00:00:00+00:00"}, "gcve": {"object_uuid": "25fff3cd-1069-4937-9f78-a1b22b2fcf3c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-05-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-06-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2024-5274"}, "references": [{"id": "CVE-2024-5274", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-5274"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2024-06-18", "date_added": "2024-05-28", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7cda7e93-c969-4316-952e-7a847070e94d", "vulnerability": {"vulnId": "CVE-2020-17519", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "7cda7e93-c969-4316-952e-7a847070e94d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Flink Improper Access Control Vulnerability | Affected: Apache / Flink | Description: Apache Flink contains an improper access control vulnerability that allows an attacker to read any file on the local filesystem of the JobManager through its REST interface. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://lists.apache.org/thread/typ0h03zyfrzjqlnb7plh64df1g2383d; https://nvd.nist.gov/vuln/detail/CVE-2020-17519"}, "references": [{"id": "CVE-2020-17519", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-17519"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-552"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flink", "due_date": "2024-06-13", "date_added": "2024-05-23", "vendorProject": "Apache", "vulnerabilityName": "Apache Flink Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "cbb0d908-df1b-4527-b693-62aba2950ec1", "vulnerability": {"vulnId": "CVE-2024-4947", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-20T00:00:00+00:00"}, "gcve": {"object_uuid": "cbb0d908-df1b-4527-b693-62aba2950ec1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-20T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-05-20T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-06-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html; https://nvd.nist.gov/vuln/detail/CVE-2024-4947"}, "references": [{"id": "CVE-2024-4947", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-4947"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2024-06-10", "date_added": "2024-05-20", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3953e512-fd1c-44d8-9ab6-005bc83be48c", "vulnerability": {"vulnId": "CVE-2023-43208", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-20T00:00:00+00:00"}, "gcve": {"object_uuid": "3953e512-fd1c-44d8-9ab6-005bc83be48c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-20T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-05-20T00:00:00Z"}, "scope": {"notes": "KEV entry: NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability | Affected: NextGen Healthcare / Mirth Connect | Description: NextGen Healthcare Mirth Connect contains a deserialization of untrusted data vulnerability that allows for unauthenticated remote code execution via a specially crafted request. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-06-10 | Known ransomware campaign use (KEV): Known | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status.   \nFor more information, please see: https://github.com/nextgenhealthcare/connect/wiki/4.4.1---What%27s-New ;  https://nvd.nist.gov/vuln/detail/CVE-2023-43208"}, "references": [{"id": "CVE-2023-43208", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-43208"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mirth Connect", "due_date": "2024-06-10", "date_added": "2024-05-20", "vendorProject": "NextGen Healthcare", "vulnerabilityName": "NextGen Healthcare Mirth Connect Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "efc8ea6c-f6fa-4dfc-b815-58da9670f607", "vulnerability": {"vulnId": "CVE-2014-100005", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-16T00:00:00+00:00"}, "gcve": {"object_uuid": "efc8ea6c-f6fa-4dfc-b815-58da9670f607", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-05-16T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability | Affected: D-Link / DIR-600 Router | Description: D-Link DIR-600 routers contain a cross-site request forgery (CSRF) vulnerability that allows an attacker to change router configurations by hijacking an existing administrator session. | Required action: This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions. | Due date: 2024-06-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://legacy.us.dlink.com/pages/product.aspx?id=4587b63118524aec911191cc81605283; https://nvd.nist.gov/vuln/detail/CVE-2014-100005"}, "references": [{"id": "CVE-2014-100005", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-100005"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-352"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DIR-600 Router", "due_date": "2024-06-06", "date_added": "2024-05-16", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DIR-600 Router Cross-Site Request Forgery (CSRF) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6695f47b-f1c5-4151-bf40-31d885d1dfca", "vulnerability": {"vulnId": "CVE-2021-40655", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-16T00:00:00+00:00"}, "gcve": {"object_uuid": "6695f47b-f1c5-4151-bf40-31d885d1dfca", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-05-16T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DIR-605 Router Information Disclosure Vulnerability | Affected: D-Link / DIR-605 Router | Description: D-Link DIR-605 routers contain an information disclosure vulnerability that allows attackers to obtain a username and password by forging a post request to the /getcfg.php page.  | Required action: This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions. | Due date: 2024-06-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://legacy.us.dlink.com/pages/product.aspx?id=2b09e95d90ff4cb38830ecc04c89cee5; https://nvd.nist.gov/vuln/detail/CVE-2021-40655"}, "references": [{"id": "CVE-2021-40655", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-40655"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-863"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DIR-605 Router", "due_date": "2024-06-06", "date_added": "2024-05-16", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DIR-605 Router Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "565c352e-b9bd-4547-9741-be031a761c39", "vulnerability": {"vulnId": "CVE-2024-4761", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-16T00:00:00+00:00"}, "gcve": {"object_uuid": "565c352e-b9bd-4547-9741-be031a761c39", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-05-16T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Out-of-Bounds Memory Write Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains an unspecified out-of-bounds memory write vulnerability via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera.  | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-06-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html; https://nvd.nist.gov/vuln/detail/CVE-2024-4761"}, "references": [{"id": "CVE-2024-4761", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-4761"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2024-06-06", "date_added": "2024-05-16", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Out-of-Bounds Memory Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2dec0807-5735-4a83-98f1-736d5b249e01", "vulnerability": {"vulnId": "CVE-2024-30040", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-14T00:00:00+00:00"}, "gcve": {"object_uuid": "2dec0807-5735-4a83-98f1-736d5b249e01", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-05-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for a security feature bypass. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-06-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040; https://nvd.nist.gov/vuln/detail/CVE-2024-30040"}, "references": [{"id": "CVE-2024-30040", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-30040"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-06-04", "date_added": "2024-05-14", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7860605d-abed-4e6b-bab4-66446ca2d63f", "vulnerability": {"vulnId": "CVE-2024-30051", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-14T00:00:00+00:00"}, "gcve": {"object_uuid": "7860605d-abed-4e6b-bab4-66446ca2d63f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-05-14T00:00:00Z"}, "scope": {"notes": "KEV entry:  Microsoft DWM Core Library Privilege Escalation Vulnerability | Affected: Microsoft / DWM Core Library | Description: Microsoft DWM Core Library contains a privilege escalation vulnerability that allows an attacker to gain SYSTEM privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-06-04 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051; https://nvd.nist.gov/vuln/detail/CVE-2024-30051"}, "references": [{"id": "CVE-2024-30051", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-30051"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DWM Core Library", "due_date": "2024-06-04", "date_added": "2024-05-14", "vendorProject": "Microsoft", "vulnerabilityName": " Microsoft DWM Core Library Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "59804577-82ab-4a2d-ab2c-581cfad0f623", "vulnerability": {"vulnId": "CVE-2024-4671", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-13T00:00:00+00:00"}, "gcve": {"object_uuid": "59804577-82ab-4a2d-ab2c-581cfad0f623", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-05-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium Visuals Use-After-Free Vulnerability | Affected: Google / Chromium | Description: Google Chromium Visuals contains a use-after-free vulnerability that allows a remote attacker to exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-06-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2024-4671"}, "references": [{"id": "CVE-2024-4671", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-4671"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium", "due_date": "2024-06-03", "date_added": "2024-05-13", "vendorProject": "Google", "vulnerabilityName": "Google Chromium Visuals Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "13e7215f-45db-4b2e-983d-9741a50e8a25", "vulnerability": {"vulnId": "CVE-2023-7028", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-05-01T00:00:00+00:00"}, "gcve": {"object_uuid": "13e7215f-45db-4b2e-983d-9741a50e8a25", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-05-01T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-05-01T00:00:00Z"}, "scope": {"notes": "KEV entry: GitLab Community and Enterprise Editions Improper Access Control Vulnerability | Affected: GitLab / GitLab CE/EE | Description: GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-05-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ ;  https://nvd.nist.gov/vuln/detail/CVE-2023-7028"}, "references": [{"id": "CVE-2023-7028", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-7028"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "GitLab CE/EE", "due_date": "2024-05-22", "date_added": "2024-05-01", "vendorProject": "GitLab", "vulnerabilityName": "GitLab Community and Enterprise Editions Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2f4f3b6f-f8d4-40fa-8108-7b2261c96b33", "vulnerability": {"vulnId": "CVE-2024-29988", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-30T00:00:00+00:00"}, "gcve": {"object_uuid": "2f4f3b6f-f8d4-40fa-8108-7b2261c96b33", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-04-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability | Affected: Microsoft / SmartScreen Prompt | Description: Microsoft SmartScreen Prompt contains a security feature bypass vulnerability that allows an attacker to bypass the Mark of the Web (MotW) feature. This vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a malicious file. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-05-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988; https://nvd.nist.gov/vuln/detail/CVE-2024-29988"}, "references": [{"id": "CVE-2024-29988", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-29988"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-693"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SmartScreen Prompt", "due_date": "2024-05-21", "date_added": "2024-04-30", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1c2b1901-4ff5-40c6-94ea-f9d0d95426b8", "vulnerability": {"vulnId": "CVE-2024-20359", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "1c2b1901-4ff5-40c6-94ea-f9d0d95426b8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-04-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco ASA and FTD Privilege Escalation Vulnerability | Affected: Cisco / Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Description: Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain a privilege escalation vulnerability that can allow local privilege escalation from Administrator to root. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-05-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h;  https://nvd.nist.gov/vuln/detail/CVE-2024-20359"}, "references": [{"id": "CVE-2024-20359", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-20359"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)", "due_date": "2024-05-01", "date_added": "2024-04-24", "vendorProject": "Cisco", "vulnerabilityName": "Cisco ASA and FTD Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3d332800-7861-4807-a935-66af2736ab84", "vulnerability": {"vulnId": "CVE-2024-20353", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "3d332800-7861-4807-a935-66af2736ab84", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-04-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco ASA and FTD Denial of Service Vulnerability | Affected: Cisco / Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Description: Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an infinite loop vulnerability that can lead to remote denial of service condition. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-05-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2;   https://nvd.nist.gov/vuln/detail/CVE-2024-20353"}, "references": [{"id": "CVE-2024-20353", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-20353"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-835"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)", "due_date": "2024-05-01", "date_added": "2024-04-24", "vendorProject": "Cisco", "vulnerabilityName": "Cisco ASA and FTD Denial of Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "89273c87-aa73-4f7a-a840-c748fde773b0", "vulnerability": {"vulnId": "CVE-2024-4040", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-24T00:00:00+00:00"}, "gcve": {"object_uuid": "89273c87-aa73-4f7a-a840-c748fde773b0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-04-24T00:00:00Z"}, "scope": {"notes": "KEV entry: CrushFTP VFS Sandbox Escape Vulnerability | Affected: CrushFTP / CrushFTP | Description: CrushFTP contains an unspecified sandbox escape vulnerability that allows a remote attacker to escape the CrushFTP virtual file system (VFS). | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-05-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update&version=34; https://nvd.nist.gov/vuln/detail/CVE-2024-4040"}, "references": [{"id": "CVE-2024-4040", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-4040"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-1336"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "CrushFTP", "due_date": "2024-05-01", "date_added": "2024-04-24", "vendorProject": "CrushFTP", "vulnerabilityName": "CrushFTP VFS Sandbox Escape Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "261e7b79-245a-4093-b5ce-f834cfcb9c57", "vulnerability": {"vulnId": "CVE-2022-38028", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-23T00:00:00+00:00"}, "gcve": {"object_uuid": "261e7b79-245a-4093-b5ce-f834cfcb9c57", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-04-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Print Spooler Privilege Escalation Vulnerability  | Affected: Microsoft / Windows | Description: Microsoft Windows Print Spooler service contains a privilege escalation vulnerability. An attacker may modify a JavaScript constraints file and execute it with SYSTEM-level permissions. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.   | Due date: 2024-05-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38028;  https://nvd.nist.gov/vuln/detail/CVE-2022-38028"}, "references": [{"id": "CVE-2022-38028", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-38028"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-05-14", "date_added": "2024-04-23", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Print Spooler Privilege Escalation Vulnerability ", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3f512b0f-f3ce-4bd7-9a3c-59f73c44c882", "vulnerability": {"vulnId": "CVE-2024-3400", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-12T00:00:00+00:00"}, "gcve": {"object_uuid": "3f512b0f-f3ce-4bd7-9a3c-59f73c44c882", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-04-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Palo Alto Networks PAN-OS Command Injection Vulnerability | Affected: Palo Alto Networks / PAN-OS | Description: Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection vulnerability that allows an unauthenticated attacker to execute commands with root privileges on the firewall. | Required action: Apply mitigations per vendor instructions as they become available. Otherwise, users with vulnerable versions of affected devices should enable Threat Prevention IDs available from the vendor. See the vendor bulletin for more details and a patch release schedule. | Due date: 2024-04-19 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://security.paloaltonetworks.com/CVE-2024-3400 ;   https://nvd.nist.gov/vuln/detail/CVE-2024-3400"}, "references": [{"id": "CVE-2024-3400", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-3400"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PAN-OS", "due_date": "2024-04-19", "date_added": "2024-04-12", "vendorProject": "Palo Alto Networks", "vulnerabilityName": "Palo Alto Networks PAN-OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "2eff5ef2-5bb3-4e53-8064-25de3579bf6e", "vulnerability": {"vulnId": "CVE-2024-3272", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "2eff5ef2-5bb3-4e53-8064-25de3579bf6e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-04-11T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability | Affected: D-Link / Multiple NAS Devices | Description: D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a hard-coded credential that allows an attacker to conduct authenticated command injection, leading to remote, unauthorized code execution. | Required action: This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions. | Due date: 2024-05-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383; https://nvd.nist.gov/vuln/detail/CVE-2024-3272"}, "references": [{"id": "CVE-2024-3272", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-3272"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-798"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple NAS Devices", "due_date": "2024-05-02", "date_added": "2024-04-11", "vendorProject": "D-Link", "vulnerabilityName": "D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "21274352-7a91-4c55-9062-2757e2430e1e", "vulnerability": {"vulnId": "CVE-2024-3273", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "21274352-7a91-4c55-9062-2757e2430e1e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-04-11T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link Multiple NAS Devices Command Injection Vulnerability | Affected: D-Link / Multiple NAS Devices | Description: D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection vulnerability. When combined with CVE-2024-3272, this can lead to remote, unauthorized code execution. | Required action: This vulnerability affects legacy D-Link products. All associated hardware revisions have reached their end-of-life (EOL) or end-of-service (EOS) life cycle and should be retired and replaced per vendor instructions. | Due date: 2024-05-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383; https://nvd.nist.gov/vuln/detail/CVE-2024-3273"}, "references": [{"id": "CVE-2024-3273", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-3273"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple NAS Devices", "due_date": "2024-05-02", "date_added": "2024-04-11", "vendorProject": "D-Link", "vulnerabilityName": "D-Link Multiple NAS Devices Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "254cf975-92cf-485f-824d-3bdb31715e69", "vulnerability": {"vulnId": "CVE-2024-29745", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-04T00:00:00+00:00"}, "gcve": {"object_uuid": "254cf975-92cf-485f-824d-3bdb31715e69", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-04-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Android Pixel Information Disclosure Vulnerability | Affected: Android / Pixel | Description: Android Pixel contains an information disclosure vulnerability in the fastboot firmware used to support unlocking, flashing, and locking affected devices. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-04-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://source.android.com/docs/security/bulletin/pixel/2024-04-01 ; https://nvd.nist.gov/vuln/detail/CVE-2024-29745"}, "references": [{"id": "CVE-2024-29745", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-29745"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-908"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Pixel", "due_date": "2024-04-25", "date_added": "2024-04-04", "vendorProject": "Android", "vulnerabilityName": "Android Pixel Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "31ea124f-6aa9-46f6-808d-ef9e1b4ec290", "vulnerability": {"vulnId": "CVE-2024-29748", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-04-04T00:00:00+00:00"}, "gcve": {"object_uuid": "31ea124f-6aa9-46f6-808d-ef9e1b4ec290", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-04-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-04-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Android Pixel Privilege Escalation Vulnerability | Affected: Android / Pixel | Description: Android Pixel contains a privilege escalation vulnerability that allows an attacker to interrupt a factory reset triggered by a device admin app. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-04-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://source.android.com/docs/security/bulletin/pixel/2024-04-01; https://nvd.nist.gov/vuln/detail/CVE-2024-29748"}, "references": [{"id": "CVE-2024-29748", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-29748"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-280"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Pixel", "due_date": "2024-04-25", "date_added": "2024-04-04", "vendorProject": "Android", "vulnerabilityName": "Android Pixel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2ffa952e-c70f-47e0-896d-476004f10415", "vulnerability": {"vulnId": "CVE-2023-24955", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-26T00:00:00+00:00"}, "gcve": {"object_uuid": "2ffa952e-c70f-47e0-896d-476004f10415", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-26T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-03-26T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft SharePoint Server Code Injection Vulnerability | Affected: Microsoft / SharePoint Server | Description: Microsoft SharePoint Server contains a code injection vulnerability that allows an authenticated attacker with Site Owner privileges to execute code remotely. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-04-16 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955;  https://nvd.nist.gov/vuln/detail/CVE-2023-24955"}, "references": [{"id": "CVE-2023-24955", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-24955"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SharePoint Server", "due_date": "2024-04-16", "date_added": "2024-03-26", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft SharePoint Server Code Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "ba8a13f2-1828-49c3-9c04-905097370abd", "vulnerability": {"vulnId": "CVE-2019-7256", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "ba8a13f2-1828-49c3-9c04-905097370abd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Nice Linear eMerge E3-Series OS Command Injection Vulnerability | Affected: Nice / Linear eMerge E3-Series | Description: Nice Linear eMerge E3-Series contains an OS command injection vulnerability that allows an attacker to conduct remote code execution. | Required action: Contact the vendor for guidance on remediating firmware, per their advisory. | Due date: 2024-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf, https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01; https://nvd.nist.gov/vuln/detail/CVE-2019-7256"}, "references": [{"id": "CVE-2019-7256", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-7256"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Linear eMerge E3-Series", "due_date": "2024-04-15", "date_added": "2024-03-25", "vendorProject": "Nice", "vulnerabilityName": "Nice Linear eMerge E3-Series OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3d3e4bb8-ab3a-41e0-aa6d-330eeb5f0c53", "vulnerability": {"vulnId": "CVE-2023-48788", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "3d3e4bb8-ab3a-41e0-aa6d-330eeb5f0c53", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiClient EMS SQL Injection Vulnerability | Affected: Fortinet / FortiClient EMS | Description: Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an unauthenticated attacker to execute commands as SYSTEM via specifically crafted requests. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-04-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.fortiguard.com/psirt/FG-IR-24-007;  https://nvd.nist.gov/vuln/detail/CVE-2023-48788"}, "references": [{"id": "CVE-2023-48788", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-48788"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiClient EMS", "due_date": "2024-04-15", "date_added": "2024-03-25", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiClient EMS SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "310c8510-0ddf-4906-8633-76e220a394dd", "vulnerability": {"vulnId": "CVE-2021-44529", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "310c8510-0ddf-4906-8633-76e220a394dd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability  | Affected: Ivanti / Endpoint Manager Cloud Service Appliance (EPM CSA) | Description: Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody). | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-04-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://forums.ivanti.com/s/article/SA-2021-12-02?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2021-44529"}, "references": [{"id": "CVE-2021-44529", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-44529"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Endpoint Manager Cloud Service Appliance (EPM CSA)", "due_date": "2024-04-15", "date_added": "2024-03-25", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection Vulnerability ", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "c9976f02-9b06-467e-b11e-e2c217dbfca6", "vulnerability": {"vulnId": "CVE-2024-27198", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "c9976f02-9b06-467e-b11e-e2c217dbfca6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-03-07T00:00:00Z"}, "scope": {"notes": "KEV entry: JetBrains TeamCity Authentication Bypass Vulnerability | Affected: JetBrains / TeamCity | Description: JetBrains TeamCity contains an authentication bypass vulnerability that allows an attacker to perform admin actions. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-03-28 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.jetbrains.com/help/teamcity/teamcity-2023-11-4-release-notes.html; https://nvd.nist.gov/vuln/detail/CVE-2024-27198"}, "references": [{"id": "CVE-2024-27198", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-27198"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "TeamCity", "due_date": "2024-03-28", "date_added": "2024-03-07", "vendorProject": "JetBrains", "vulnerabilityName": "JetBrains TeamCity Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "56989578-546c-4e7a-a0a7-8e519876753e", "vulnerability": {"vulnId": "CVE-2024-23225", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-06T00:00:00+00:00"}, "gcve": {"object_uuid": "56989578-546c-4e7a-a0a7-8e519876753e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-03-06T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Memory Corruption Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, tvOS, watchOS, and visionOS kernel contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-03-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT214081, https://support.apple.com/en-us/HT214082, https://support.apple.com/en-us/HT214083, https://support.apple.com/en-us/HT214084, https://support.apple.com/en-us/HT214085, https://support.apple.com/en-us/HT214086, https://support.apple.com/en-us/HT214087, https://support.apple.com/en-us/HT214088 ;  https://nvd.nist.gov/vuln/detail/CVE-2024-23225"}, "references": [{"id": "CVE-2024-23225", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-23225"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2024-03-27", "date_added": "2024-03-06", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b8c86071-62f2-4267-a2e3-6f316f9ffa1b", "vulnerability": {"vulnId": "CVE-2024-23296", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-06T00:00:00+00:00"}, "gcve": {"object_uuid": "b8c86071-62f2-4267-a2e3-6f316f9ffa1b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-03-06T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Memory Corruption Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption vulnerability that allows an attacker with arbitrary kernel read and write capability to bypass kernel memory protections. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-03-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT214081, https://support.apple.com/en-us/HT214082, https://support.apple.com/en-us/HT214084, https://support.apple.com/en-us/HT214086, https://support.apple.com/en-us/HT214088  ;  https://nvd.nist.gov/vuln/detail/CVE-2024-23296"}, "references": [{"id": "CVE-2024-23296", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-23296"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2024-03-27", "date_added": "2024-03-06", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "56b4cf48-5d55-45d0-add9-c066e208419f", "vulnerability": {"vulnId": "CVE-2021-36380", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-05T00:00:00+00:00"}, "gcve": {"object_uuid": "56b4cf48-5d55-45d0-add9-c066e208419f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-03-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Sunhillo SureLine OS Command Injection Vulnerablity | Affected: Sunhillo / SureLine | Description: Sunhillo SureLine contains an OS command injection vulnerability that allows an attacker to cause a denial-of-service or utilize the device for persistence on the network via shell metacharacters in ipAddr or dnsAddr in /cgi/networkDiag.cgi. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-03-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.sunhillo.com/fb011/; https://nvd.nist.gov/vuln/detail/CVE-2021-36380"}, "references": [{"id": "CVE-2021-36380", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-36380"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SureLine", "due_date": "2024-03-26", "date_added": "2024-03-05", "vendorProject": "Sunhillo", "vulnerabilityName": "Sunhillo SureLine OS Command Injection Vulnerablity", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9e0a3fc6-512b-449a-bc2a-4a1561977205", "vulnerability": {"vulnId": "CVE-2023-21237", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-05T00:00:00+00:00"}, "gcve": {"object_uuid": "9e0a3fc6-512b-449a-bc2a-4a1561977205", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-03-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Android Pixel Information Disclosure Vulnerability  | Affected: Android / Pixel | Description: Android Pixel contains a vulnerability in the Framework component, where the UI may be misleading or insufficient, providing a means to hide a foreground service notification. This could enable a local attacker to disclose sensitive information. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-03-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://source.android.com/docs/security/bulletin/pixel/2023-06-01;  https://nvd.nist.gov/vuln/detail/CVE-2023-21237"}, "references": [{"id": "CVE-2023-21237", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-21237"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Pixel", "due_date": "2024-03-26", "date_added": "2024-03-05", "vendorProject": "Android", "vulnerabilityName": "Android Pixel Information Disclosure Vulnerability ", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "84dfe84e-780a-4938-bfb7-9662816cb473", "vulnerability": {"vulnId": "CVE-2024-21338", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-03-04T00:00:00+00:00"}, "gcve": {"object_uuid": "84dfe84e-780a-4938-bfb7-9662816cb473", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-03-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-03-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Kernel contains an exposed IOCTL with insufficient access control vulnerability within the IOCTL (input and output control) dispatcher in appid.sys that allows a local attacker to achieve privilege escalation. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-03-25 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21338; https://nvd.nist.gov/vuln/detail/CVE-2024-21338"}, "references": [{"id": "CVE-2024-21338", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-21338"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-822"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-03-25", "date_added": "2024-03-04", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Kernel Exposed IOCTL with Insufficient Access Control Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "2897f7ce-b7d2-4922-aa26-2a96547cb27f", "vulnerability": {"vulnId": "CVE-2023-29360", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-29T00:00:00+00:00"}, "gcve": {"object_uuid": "2897f7ce-b7d2-4922-aa26-2a96547cb27f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-02-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability | Affected: Microsoft / Streaming Service | Description: Microsoft Streaming Service contains an untrusted pointer dereference vulnerability that allows for privilege escalation, enabling a local attacker to gain SYSTEM privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-03-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29360 ;https://nvd.nist.gov/vuln/detail/CVE-2023-29360"}, "references": [{"id": "CVE-2023-29360", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-29360"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-822"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Streaming Service", "due_date": "2024-03-21", "date_added": "2024-02-29", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Streaming Service Untrusted Pointer Dereference Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ebca899c-1f83-4d49-9e23-e04c92a1d996", "vulnerability": {"vulnId": "CVE-2024-1709", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-22T00:00:00+00:00"}, "gcve": {"object_uuid": "ebca899c-1f83-4d49-9e23-e04c92a1d996", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-02-22T00:00:00Z"}, "scope": {"notes": "KEV entry: ConnectWise ScreenConnect Authentication Bypass Vulnerability | Affected: ConnectWise / ScreenConnect | Description: ConnectWise ScreenConnect contains an authentication bypass vulnerability that allows an attacker with network access to the management interface to create a new, administrator-level account on affected devices. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-02-29 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8; https://nvd.nist.gov/vuln/detail/CVE-2024-1709"}, "references": [{"id": "CVE-2024-1709", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-1709"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ScreenConnect", "due_date": "2024-02-29", "date_added": "2024-02-22", "vendorProject": "ConnectWise", "vulnerabilityName": "ConnectWise ScreenConnect Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "615d2b31-bef2-41eb-a763-2ba326566de7", "vulnerability": {"vulnId": "CVE-2020-3259", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "615d2b31-bef2-41eb-a763-2ba326566de7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-02-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco ASA and FTD Information Disclosure Vulnerability | Affected: Cisco / Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Description: Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an information disclosure vulnerability. An attacker could retrieve memory contents on an affected device, which could lead to the disclosure of confidential information due to a buffer tracking issue when the software parses invalid URLs that are requested from the web services interface. This vulnerability affects only specific AnyConnect and WebVPN configurations. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-03-07 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB; https://nvd.nist.gov/vuln/detail/CVE-2020-3259"}, "references": [{"id": "CVE-2020-3259", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3259"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)", "due_date": "2024-03-07", "date_added": "2024-02-15", "vendorProject": "Cisco", "vulnerabilityName": "Cisco ASA and FTD Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "72e9e44d-6aec-4e9b-a745-febf71de7272", "vulnerability": {"vulnId": "CVE-2024-21410", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "72e9e44d-6aec-4e9b-a745-febf71de7272", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-02-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Exchange Server Privilege Escalation Vulnerability | Affected: Microsoft / Exchange Server | Description: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-03-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410; https://nvd.nist.gov/vuln/detail/CVE-2024-21410"}, "references": [{"id": "CVE-2024-21410", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-21410"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exchange Server", "due_date": "2024-03-07", "date_added": "2024-02-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Exchange Server Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "01cd412d-d1a7-4237-b2b2-e6467ed23528", "vulnerability": {"vulnId": "CVE-2024-21351", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "01cd412d-d1a7-4237-b2b2-e6467ed23528", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-02-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the SmartScreen user experience and inject code to potentially gain code execution, which could lead to some data exposure, lack of system availability, or both. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-03-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21351; https://nvd.nist.gov/vuln/detail/CVE-2024-21351"}, "references": [{"id": "CVE-2024-21351", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-21351"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-03-05", "date_added": "2024-02-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows SmartScreen Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "00ec6948-99b5-4263-a539-7f4f40868688", "vulnerability": {"vulnId": "CVE-2024-21412", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-13T00:00:00+00:00"}, "gcve": {"object_uuid": "00ec6948-99b5-4263-a539-7f4f40868688", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-02-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Internet Shortcut Files contains an unspecified vulnerability that allows for a security feature bypass. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-03-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2024-21412; https://nvd.nist.gov/vuln/detail/CVE-2024-21412"}, "references": [{"id": "CVE-2024-21412", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-21412"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-693"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2024-03-05", "date_added": "2024-02-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Internet Shortcut Files Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "5715499d-83d3-4440-9649-c3058b603350", "vulnerability": {"vulnId": "CVE-2023-43770", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-12T00:00:00+00:00"}, "gcve": {"object_uuid": "5715499d-83d3-4440-9649-c3058b603350", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-02-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability | Affected: Roundcube / Webmail | Description: Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that can lead to information disclosure via malicious link references in plain/text messages. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-03-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://roundcube.net/news/2023/09/15/security-update-1.6.3-released ;  https://nvd.nist.gov/vuln/detail/CVE-2023-43770"}, "references": [{"id": "CVE-2023-43770", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-43770"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Webmail", "due_date": "2024-03-04", "date_added": "2024-02-12", "vendorProject": "Roundcube", "vulnerabilityName": "Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5c03b3b9-27ed-409a-b76a-f44da355b955", "vulnerability": {"vulnId": "CVE-2024-21762", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-09T00:00:00+00:00"}, "gcve": {"object_uuid": "5c03b3b9-27ed-409a-b76a-f44da355b955", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-02-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiOS Out-of-Bound Write Vulnerability | Affected: Fortinet / FortiOS | Description: Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-02-16 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://fortiguard.fortinet.com/psirt/FG-IR-24-015 ;   https://nvd.nist.gov/vuln/detail/CVE-2024-21762"}, "references": [{"id": "CVE-2024-21762", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-21762"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiOS", "due_date": "2024-02-16", "date_added": "2024-02-09", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiOS Out-of-Bound Write Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "e0362177-1c36-4d39-8178-ed0ada24c46a", "vulnerability": {"vulnId": "CVE-2023-4762", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-02-06T00:00:00+00:00"}, "gcve": {"object_uuid": "e0362177-1c36-4d39-8178-ed0ada24c46a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-02-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-02-06T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 contains a type confusion vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-02-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html; https://nvd.nist.gov/vuln/detail/CVE-2023-4762"}, "references": [{"id": "CVE-2023-4762", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-4762"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2024-02-27", "date_added": "2024-02-06", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9d3584ba-a501-4007-8890-5f2350851464", "vulnerability": {"vulnId": "CVE-2024-21893", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-31T00:00:00+00:00"}, "gcve": {"object_uuid": "9d3584ba-a501-4007-8890-5f2350851464", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-31T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-31T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability | Affected: Ivanti / Connect Secure, Policy Secure, and Neurons | Description: Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-02-02 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-21893"}, "references": [{"id": "CVE-2024-21893", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-21893"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Connect Secure, Policy Secure, and Neurons", "due_date": "2024-02-02", "date_added": "2024-01-31", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Connect Secure, Policy Secure, and Neurons Server-Side Request Forgery (SSRF) Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "4cbf88f4-8601-41f4-b34e-d8e335575a8b", "vulnerability": {"vulnId": "CVE-2022-48618", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-31T00:00:00+00:00"}, "gcve": {"object_uuid": "4cbf88f4-8601-41f4-b34e-d8e335575a8b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-31T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-31T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Memory Corruption Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a time-of-check/time-of-use (TOCTOU) memory corruption vulnerability that allows an attacker with read and write capabilities to bypass Pointer Authentication. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-02-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213530, https://support.apple.com/en-us/HT213532, https://support.apple.com/en-us/HT213535, https://support.apple.com/en-us/HT213536;  https://nvd.nist.gov/vuln/detail/CVE-2022-48618"}, "references": [{"id": "CVE-2022-48618", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-48618"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-367"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2024-02-21", "date_added": "2024-01-31", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "62a35acf-9b98-4598-a3c9-2b87af1bf54f", "vulnerability": {"vulnId": "CVE-2023-22527", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-24T00:00:00+00:00"}, "gcve": {"object_uuid": "62a35acf-9b98-4598-a3c9-2b87af1bf54f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Atlassian Confluence Data Center and Server Template Injection Vulnerability | Affected: Atlassian / Confluence Data Center and Server | Description: Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-02-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-22527"}, "references": [{"id": "CVE-2023-22527", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-22527"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-74"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Confluence Data Center and Server", "due_date": "2024-02-14", "date_added": "2024-01-24", "vendorProject": "Atlassian", "vulnerabilityName": "Atlassian Confluence Data Center and Server Template Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "63473639-b56d-4351-a3ea-1aba371db588", "vulnerability": {"vulnId": "CVE-2024-23222", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "63473639-b56d-4351-a3ea-1aba371db588", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products WebKit Type Confusion Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-02-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT214055,  https://support.apple.com/en-us/HT214056, https://support.apple.com/en-us/HT214057, https://support.apple.com/en-us/HT214058, https://support.apple.com/en-us/HT214059, https://support.apple.com/en-us/HT214061, https://support.apple.com/en-us/HT214063 ;  https://nvd.nist.gov/vuln/detail/CVE-2024-23222"}, "references": [{"id": "CVE-2024-23222", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-23222"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2024-02-13", "date_added": "2024-01-23", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products WebKit Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5a3ce4a6-23fe-4c70-a292-886554e53ca9", "vulnerability": {"vulnId": "CVE-2023-34048", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-22T00:00:00+00:00"}, "gcve": {"object_uuid": "5a3ce4a6-23fe-4c70-a292-886554e53ca9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-22T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware vCenter Server Out-of-Bounds Write Vulnerability | Affected: VMware / vCenter Server | Description: VMware vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol that allows an attacker to conduct remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-02-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.vmware.com/security/advisories/VMSA-2023-0023.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-34048"}, "references": [{"id": "CVE-2023-34048", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-34048"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vCenter Server", "due_date": "2024-02-12", "date_added": "2024-01-22", "vendorProject": "VMware", "vulnerabilityName": "VMware vCenter Server Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f294a80a-7b8c-426d-898c-f81f4460b48a", "vulnerability": {"vulnId": "CVE-2023-35082", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "f294a80a-7b8c-426d-898c-f81f4460b48a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability | Affected: Ivanti / Endpoint Manager Mobile (EPMM) and MobileIron Core | Description: Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-02-08 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older;  https://nvd.nist.gov/vuln/detail/CVE-2023-35082"}, "references": [{"id": "CVE-2023-35082", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-35082"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Endpoint Manager Mobile (EPMM) and MobileIron Core", "due_date": "2024-02-08", "date_added": "2024-01-18", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "9a1206d2-4fa6-46d8-bec0-72256e0118a9", "vulnerability": {"vulnId": "CVE-2024-0519", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-17T00:00:00+00:00"}, "gcve": {"object_uuid": "9a1206d2-4fa6-46d8-bec0-72256e0118a9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Out-of-Bounds Memory Access Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-02-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html; https://nvd.nist.gov/vuln/detail/CVE-2024-0519"}, "references": [{"id": "CVE-2024-0519", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-0519"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2024-02-07", "date_added": "2024-01-17", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Out-of-Bounds Memory Access Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "486b19b9-cd8d-445b-8d07-eaa81d093b3f", "vulnerability": {"vulnId": "CVE-2023-6549", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-17T00:00:00+00:00"}, "gcve": {"object_uuid": "486b19b9-cd8d-445b-8d07-eaa81d093b3f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability | Affected: Citrix / NetScaler ADC and NetScaler Gateway | Description: Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for a denial-of-service when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-02-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549;   https://nvd.nist.gov/vuln/detail/CVE-2023-6549"}, "references": [{"id": "CVE-2023-6549", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-6549"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetScaler ADC and NetScaler Gateway", "due_date": "2024-02-07", "date_added": "2024-01-17", "vendorProject": "Citrix", "vulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "80c176d4-1003-4516-8d2a-a5970fd9136b", "vulnerability": {"vulnId": "CVE-2023-6548", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-17T00:00:00+00:00"}, "gcve": {"object_uuid": "80c176d4-1003-4516-8d2a-a5970fd9136b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability | Affected: Citrix / NetScaler ADC and NetScaler Gateway | Description: Citrix NetScaler ADC and NetScaler Gateway contain a code injection vulnerability that allows for authenticated remote code execution on the management interface with access to NSIP, CLIP, or SNIP. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-01-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549;   https://nvd.nist.gov/vuln/detail/CVE-2023-6548"}, "references": [{"id": "CVE-2023-6548", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-6548"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetScaler ADC and NetScaler Gateway", "due_date": "2024-01-24", "date_added": "2024-01-17", "vendorProject": "Citrix", "vulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "56038b82-f716-4a30-98c1-cae1b1bfe1d4", "vulnerability": {"vulnId": "CVE-2018-15133", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-16T00:00:00+00:00"}, "gcve": {"object_uuid": "56038b82-f716-4a30-98c1-cae1b1bfe1d4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-16T00:00:00Z"}, "scope": {"notes": "KEV entry: Laravel Deserialization of Untrusted Data Vulnerability | Affected: Laravel / Laravel Framework | Description: Laravel Framework contains a deserialization of untrusted data vulnerability, allowing for remote command execution. This vulnerability may only be exploited if a malicious user has accessed the application encryption key (APP_KEY environment variable). | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-02-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://laravel.com/docs/5.6/upgrade#upgrade-5.6.30; https://nvd.nist.gov/vuln/detail/CVE-2018-15133"}, "references": [{"id": "CVE-2018-15133", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-15133"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Laravel Framework", "due_date": "2024-02-06", "date_added": "2024-01-16", "vendorProject": "Laravel", "vulnerabilityName": "Laravel Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "44f37a55-2d4c-417b-ba99-081100691c32", "vulnerability": {"vulnId": "CVE-2023-29357", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "44f37a55-2d4c-417b-ba99-081100691c32", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft SharePoint Server Privilege Escalation Vulnerability | Affected: Microsoft / SharePoint Server | Description: Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker, who has gained access to spoofed JWT authentication tokens, to use them for executing a network attack. This attack bypasses authentication, enabling the attacker to gain administrator privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-01-31 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29357; https://nvd.nist.gov/vuln/detail/CVE-2023-29357"}, "references": [{"id": "CVE-2023-29357", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-29357"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-303"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SharePoint Server", "due_date": "2024-01-31", "date_added": "2024-01-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft SharePoint Server Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "b50e73bd-437e-4e8d-bf9f-1fe293b293c1", "vulnerability": {"vulnId": "CVE-2024-21887", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "b50e73bd-437e-4e8d-bf9f-1fe293b293c1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Connect Secure and Policy Secure Command Injection Vulnerability | Affected: Ivanti / Connect Secure and Policy Secure | Description: Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure contain a command injection vulnerability in the web components of these products, which can allow an authenticated administrator to send crafted requests to execute code on affected appliances. This vulnerability can be leveraged in conjunction with CVE-2023-46805, an authentication bypass issue. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-01-22 | Known ransomware campaign use (KEV): Known | Notes (KEV): Please apply mitigations per vendor instructions. For more information, please see: https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2024-21887"}, "references": [{"id": "CVE-2024-21887", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-21887"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Connect Secure and Policy Secure", "due_date": "2024-01-22", "date_added": "2024-01-10", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Connect Secure and Policy Secure Command Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "89520554-7af1-4332-ac23-d048fbc93ed7", "vulnerability": {"vulnId": "CVE-2023-46805", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "89520554-7af1-4332-ac23-d048fbc93ed7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability | Affected: Ivanti / Connect Secure and Policy Secure | Description: Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure) and Ivanti Policy Secure gateways contain an authentication bypass vulnerability in the web component that allows an attacker to access restricted resources by bypassing control checks. This vulnerability can be leveraged in conjunction with CVE-2024-21887, a command injection vulnerability. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-01-22 | Known ransomware campaign use (KEV): Known | Notes (KEV): Please apply mitigations per vendor instructions. For more information, please see: https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US ;  https://nvd.nist.gov/vuln/detail/CVE-2023-46805"}, "references": [{"id": "CVE-2023-46805", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-46805"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Connect Secure and Policy Secure", "due_date": "2024-01-22", "date_added": "2024-01-10", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "203de08b-f2b6-439d-a005-5e2f6bb4f46a", "vulnerability": {"vulnId": "CVE-2023-29300", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-08T00:00:00+00:00"}, "gcve": {"object_uuid": "203de08b-f2b6-439d-a005-5e2f6bb4f46a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | Affected: Adobe / ColdFusion | Description: Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-01-29 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html; https://nvd.nist.gov/vuln/detail/CVE-2023-29300"}, "references": [{"id": "CVE-2023-29300", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-29300"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ColdFusion", "due_date": "2024-01-29", "date_added": "2024-01-08", "vendorProject": "Adobe", "vulnerabilityName": "Adobe ColdFusion Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "58e76622-8247-4ae3-ba02-cd75ea890d86", "vulnerability": {"vulnId": "CVE-2023-23752", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-08T00:00:00+00:00"}, "gcve": {"object_uuid": "58e76622-8247-4ae3-ba02-cd75ea890d86", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Joomla! Improper Access Control Vulnerability | Affected: Joomla! / Joomla! | Description: Joomla! contains an improper access control vulnerability that allows unauthorized access to webservice endpoints. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-01-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-23752"}, "references": [{"id": "CVE-2023-23752", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-23752"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Joomla!", "due_date": "2024-01-29", "date_added": "2024-01-08", "vendorProject": "Joomla!", "vulnerabilityName": "Joomla! Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fd28aba4-bbe4-4e92-936c-c90d46391c76", "vulnerability": {"vulnId": "CVE-2023-41990", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-08T00:00:00+00:00"}, "gcve": {"object_uuid": "fd28aba4-bbe4-4e92-936c-c90d46391c76", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Code Execution Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability that allows for code execution when processing a font file. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-01-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213599, https://support.apple.com/en-us/HT213601, https://support.apple.com/en-us/HT213605, https://support.apple.com/en-us/HT213606, https://support.apple.com/en-us/HT213842, https://support.apple.com/en-us/HT213844, https://support.apple.com/en-us/HT213845 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-41990"}, "references": [{"id": "CVE-2023-41990", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-41990"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2024-01-29", "date_added": "2024-01-08", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "16451f17-09ba-4ceb-a97e-86900967b58f", "vulnerability": {"vulnId": "CVE-2023-38203", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-08T00:00:00+00:00"}, "gcve": {"object_uuid": "16451f17-09ba-4ceb-a97e-86900967b58f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | Affected: Adobe / ColdFusion | Description: Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-01-29 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://helpx.adobe.com/security/products/coldfusion/apsb23-41.html ;  https://nvd.nist.gov/vuln/detail/CVE-2023-38203"}, "references": [{"id": "CVE-2023-38203", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-38203"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ColdFusion", "due_date": "2024-01-29", "date_added": "2024-01-08", "vendorProject": "Adobe", "vulnerabilityName": "Adobe ColdFusion Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "2bd8ea34-74bd-4e3c-a88c-4a0cb6f0b6a5", "vulnerability": {"vulnId": "CVE-2023-27524", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-08T00:00:00+00:00"}, "gcve": {"object_uuid": "2bd8ea34-74bd-4e3c-a88c-4a0cb6f0b6a5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Superset Insecure Default Initialization of Resource Vulnerability | Affected: Apache / Superset | Description: Apache Superset contains an insecure default initialization of a resource vulnerability that allows an attacker to authenticate and access unauthorized resources on installations that have not altered the default configured SECRET_KEY according to installation instructions. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-01-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://lists.apache.org/thread/n0ftx60sllf527j7g11kmt24wvof8xyk;  https://nvd.nist.gov/vuln/detail/CVE-2023-27524"}, "references": [{"id": "CVE-2023-27524", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-27524"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-1188"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Superset", "due_date": "2024-01-29", "date_added": "2024-01-08", "vendorProject": "Apache", "vulnerabilityName": "Apache Superset Insecure Default Initialization of Resource Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "79b8a9d5-853c-44c0-a6cf-c586efd1aa66", "vulnerability": {"vulnId": "CVE-2016-20017", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-08T00:00:00+00:00"}, "gcve": {"object_uuid": "79b8a9d5-853c-44c0-a6cf-c586efd1aa66", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-08T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DSL-2750B Devices Command Injection Vulnerability | Affected: D-Link / DSL-2750B Devices | Description: D-Link DSL-2750B devices contain a command injection vulnerability that allows remote, unauthenticated command injection via the login.cgi cli parameter. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-01-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10088; https://nvd.nist.gov/vuln/detail/CVE-2016-20017"}, "references": [{"id": "CVE-2016-20017", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-20017"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DSL-2750B Devices", "due_date": "2024-01-29", "date_added": "2024-01-08", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DSL-2750B Devices Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bd739873-5932-48fb-9732-af2cae0ffc60", "vulnerability": {"vulnId": "CVE-2023-7101", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-02T00:00:00+00:00"}, "gcve": {"object_uuid": "bd739873-5932-48fb-9732-af2cae0ffc60", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Spreadsheet::ParseExcel Remote Code Execution Vulnerability | Affected: Spreadsheet::ParseExcel / Spreadsheet::ParseExcel | Description: Spreadsheet::ParseExcel contains a remote code execution vulnerability due to passing unvalidated input from a file into a string-type \u201ceval\u201d. Specifically, the issue stems from the evaluation of Number format strings within the Excel parsing logic. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-01-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. For more information, please see: https://metacpan.org/dist/Spreadsheet-ParseExcel and Barracuda's specific implementation and fix for their downstream issue CVE-2023-7102 at https://www.barracuda.com/company/legal/esg-vulnerability;  https://nvd.nist.gov/vuln/detail/CVE-2023-7101"}, "references": [{"id": "CVE-2023-7101", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-7101"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-95"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Spreadsheet::ParseExcel", "due_date": "2024-01-23", "date_added": "2024-01-02", "vendorProject": "Spreadsheet::ParseExcel", "vulnerabilityName": "Spreadsheet::ParseExcel Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8c653006-44bc-4fb6-b6c4-b6eeacee11bb", "vulnerability": {"vulnId": "CVE-2023-7024", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2024-01-02T00:00:00+00:00"}, "gcve": {"object_uuid": "8c653006-44bc-4fb6-b6c4-b6eeacee11bb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2024-01-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2024-01-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium WebRTC Heap Buffer Overflow Vulnerability | Affected: Google / Chromium WebRTC | Description: Google Chromium WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using WebRTC, including but not limited to Google Chrome. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-01-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. 
For more information, please see: https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-7024"}, "references": [{"id": "CVE-2023-7024", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-7024"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium WebRTC", "due_date": "2024-01-23", "date_added": "2024-01-02", "vendorProject": "Google", "vulnerabilityName": "Google Chromium WebRTC Heap Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b0b58b85-825f-4237-bab0-4f4f9bce7786", "vulnerability": {"vulnId": "CVE-2023-47565", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-21T00:00:00+00:00"}, "gcve": {"object_uuid": "b0b58b85-825f-4237-bab0-4f4f9bce7786", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-12-21T00:00:00Z"}, "scope": {"notes": "KEV entry: QNAP VioStor NVR OS Command Injection Vulnerability | Affected: QNAP / VioStor NVR | Description: QNAP VioStor NVR contains an OS command injection vulnerability that allows authenticated users to execute commands via a network. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-01-11 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.qnap.com/en/security-advisory/qsa-23-48 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-47565"}, "references": [{"id": "CVE-2023-47565", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-47565"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "VioStor NVR", "due_date": "2024-01-11", "date_added": "2023-12-21", "vendorProject": "QNAP", "vulnerabilityName": "QNAP VioStor NVR OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "45069dc1-11fe-4beb-aa2d-4e30e2eade59", "vulnerability": {"vulnId": "CVE-2023-49897", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-21T00:00:00+00:00"}, "gcve": {"object_uuid": "45069dc1-11fe-4beb-aa2d-4e30e2eade59", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-12-21T00:00:00Z"}, "scope": {"notes": "KEV entry: FXC AE1021, AE1021PE OS Command Injection Vulnerability | Affected: FXC / AE1021, AE1021PE | Description: FXC AE1021 and AE1021PE contain an OS command injection vulnerability that allows authenticated users to execute commands via a network. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2024-01-11 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.fxc.jp/news/20231206 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-49897"}, "references": [{"id": "CVE-2023-49897", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-49897"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "AE1021, AE1021PE", "due_date": "2024-01-11", "date_added": "2023-12-21", "vendorProject": "FXC", "vulnerabilityName": "FXC AE1021, AE1021PE OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b5bafd3f-826d-4425-89ea-4cac02ebddca", "vulnerability": {"vulnId": "CVE-2023-6448", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-11T00:00:00+00:00"}, "gcve": {"object_uuid": "b5bafd3f-826d-4425-89ea-4cac02ebddca", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-12-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Unitronics Vision PLC and HMI Insecure Default Password Vulnerability | Affected: Unitronics / Vision PLC and HMI | Description: Unitronics Vision Series PLCs and HMIs ship with an insecure default password, which if left unchanged, can allow attackers to execute remote commands. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-12-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Note that while it is possible to change the default password, implementors are encouraged to remove affected controllers from public networks and update the affected firmware: https://downloads.unitronicsplc.com/Sites/plc/Technical_Library/Unitronics-Cybersecurity-Advisory-2023-001-CVE-2023-6448.pdf;   https://nvd.nist.gov/vuln/detail/CVE-2023-6448"}, "references": [{"id": "CVE-2023-6448", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-6448"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-1188"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Vision PLC and HMI", "due_date": "2023-12-18", "date_added": "2023-12-11", "vendorProject": "Unitronics", "vulnerabilityName": "Unitronics Vision PLC and HMI Insecure Default Password Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "01f4190c-75f4-46ef-be9a-e82ce6d9be31", "vulnerability": {"vulnId": "CVE-2023-41266", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-07T00:00:00+00:00"}, "gcve": {"object_uuid": "01f4190c-75f4-46ef-be9a-e82ce6d9be31", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-12-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Qlik Sense Path Traversal Vulnerability | Affected: Qlik / Sense | Description: Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints. | Required action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. | Due date: 2023-12-28 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801  ;  https://nvd.nist.gov/vuln/detail/CVE-2023-41266"}, "references": [{"id": "CVE-2023-41266", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-41266"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Sense", "due_date": "2023-12-28", "date_added": "2023-12-07", "vendorProject": "Qlik", "vulnerabilityName": "Qlik Sense Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "48628923-d100-4e39-8130-7db2741ac404", "vulnerability": {"vulnId": "CVE-2023-41265", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-07T00:00:00+00:00"}, "gcve": {"object_uuid": "48628923-d100-4e39-8130-7db2741ac404", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-12-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Qlik Sense HTTP Tunneling Vulnerability | Affected: Qlik / Sense | Description: Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software. | Required action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. | Due date: 2023-12-28 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801;  https://nvd.nist.gov/vuln/detail/CVE-2023-41265"}, "references": [{"id": "CVE-2023-41265", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-41265"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-444"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Sense", "due_date": "2023-12-28", "date_added": "2023-12-07", "vendorProject": "Qlik", "vulnerabilityName": "Qlik Sense HTTP Tunneling Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "09532c0f-ce82-4e97-9a9f-a72eef96ba54", "vulnerability": {"vulnId": "CVE-2022-22071", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "09532c0f-ce82-4e97-9a9f-a72eef96ba54", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-12-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Qualcomm Multiple Chipsets Use-After-Free Vulnerability | Affected: Qualcomm / Multiple Chipsets | Description: Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress. | Required action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. | Due date: 2023-12-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. 
For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-5.4/-/commit/586840fde350d7b8563df9889c8ce397e2c20dda;  https://nvd.nist.gov/vuln/detail/CVE-2022-22071"}, "references": [{"id": "CVE-2022-22071", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22071"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Chipsets", "due_date": "2023-12-26", "date_added": "2023-12-05", "vendorProject": "Qualcomm", "vulnerabilityName": "Qualcomm Multiple Chipsets Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a3cfb216-1cbc-4369-81a8-b02bcdd2e83b", "vulnerability": {"vulnId": "CVE-2023-33106", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "a3cfb216-1cbc-4369-81a8-b02bcdd2e83b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-12-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability | Affected: Qualcomm / Multiple Chipsets | Description: Multiple Qualcomm chipsets contain a use of out-of-range pointer offset vulnerability due to memory corruption in Graphics while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. | Required action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. | Due date: 2023-12-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. 
For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/1e46e81dbeb69aafd5842ce779f07e617680fd58;  https://nvd.nist.gov/vuln/detail/CVE-2023-33106"}, "references": [{"id": "CVE-2023-33106", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-33106"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-823"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Chipsets", "due_date": "2023-12-26", "date_added": "2023-12-05", "vendorProject": "Qualcomm", "vulnerabilityName": "Qualcomm Multiple Chipsets Use of Out-of-Range Pointer Offset Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7f50f113-4836-41dc-9d8f-009110a0f08c", "vulnerability": {"vulnId": "CVE-2023-33107", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "7f50f113-4836-41dc-9d8f-009110a0f08c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-12-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Qualcomm Multiple Chipsets Integer Overflow Vulnerability | Affected: Qualcomm / Multiple Chipsets | Description: Multiple Qualcomm chipsets contain an integer overflow vulnerability due to memory corruption in Graphics Linux while assigning shared virtual memory region during IOCTL call. | Required action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. | Due date: 2023-12-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. 
For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-4.19/-/commit/d66b799c804083ea5226cfffac6d6c4e7ad4968b;  https://nvd.nist.gov/vuln/detail/CVE-2023-33107"}, "references": [{"id": "CVE-2023-33107", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-33107"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-190"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Chipsets", "due_date": "2023-12-26", "date_added": "2023-12-05", "vendorProject": "Qualcomm", "vulnerabilityName": "Qualcomm Multiple Chipsets Integer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "af9442cf-bf6a-4a3a-95e0-e90cda3e76be", "vulnerability": {"vulnId": "CVE-2023-33063", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "af9442cf-bf6a-4a3a-95e0-e90cda3e76be", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-12-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Qualcomm Multiple Chipsets Use-After-Free Vulnerability | Affected: Qualcomm / Multiple Chipsets | Description: Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP. | Required action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. | Due date: 2023-12-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. 
For more information, please see: https://git.codelinaro.org/clo/la/kernel/msm-5.15/-/commit/2643808ddbedfaabbb334741873fb2857f78188a, https://git.codelinaro.org/clo/la/kernel/msm-4.14/-/commit/d43222efda5a01c9804d74a541e3c1be9b7fe110;  https://nvd.nist.gov/vuln/detail/CVE-2023-33063"}, "references": [{"id": "CVE-2023-33063", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-33063"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Chipsets", "due_date": "2023-12-26", "date_added": "2023-12-05", "vendorProject": "Qualcomm", "vulnerabilityName": "Qualcomm Multiple Chipsets Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0ca2a3ef-3510-45d0-8e95-a13337ede333", "vulnerability": {"vulnId": "CVE-2023-42916", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-04T00:00:00+00:00"}, "gcve": {"object_uuid": "0ca2a3ef-3510-45d0-8e95-a13337ede333", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-12-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. 
| Due date: 2023-12-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT214031, https://support.apple.com/en-us/HT214032, https://support.apple.com/en-us/HT214033 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-42916"}, "references": [{"id": "CVE-2023-42916", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-42916"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-125"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2023-12-25", "date_added": "2023-12-04", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6dacc5fd-d355-413b-8617-2441eafc9aa8", "vulnerability": {"vulnId": "CVE-2023-42917", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-12-04T00:00:00+00:00"}, "gcve": {"object_uuid": "6dacc5fd-d355-413b-8617-2441eafc9aa8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-12-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-12-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products WebKit Memory Corruption Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable. | Due date: 2023-12-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT214031, https://support.apple.com/en-us/HT214032, https://support.apple.com/en-us/HT214033 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-42917"}, "references": [{"id": "CVE-2023-42917", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-42917"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2023-12-25", "date_added": "2023-12-04", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products WebKit Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ee30b2a4-2c71-47dc-be29-96923bc5a7c8", "vulnerability": {"vulnId": "CVE-2023-49103", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-30T00:00:00+00:00"}, "gcve": {"object_uuid": "ee30b2a4-2c71-47dc-be29-96923bc5a7c8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-30T00:00:00Z"}, "scope": {"notes": "KEV entry: ownCloud graphapi Information Disclosure Vulnerability | Affected: ownCloud / ownCloud graphapi | Description: ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo() via GetPhpInfo.php, including administrative credentials. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-12-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://owncloud.com/security-advisories/disclosure-of-sensitive-credentials-and-configuration-in-containerized-deployments/ ;  https://nvd.nist.gov/vuln/detail/CVE-2023-49103"}, "references": [{"id": "CVE-2023-49103", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-49103"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ownCloud graphapi", "due_date": "2023-12-21", "date_added": "2023-11-30", "vendorProject": "ownCloud", "vulnerabilityName": "ownCloud graphapi Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a9bfabed-c9c2-4145-8653-e4149396021d", "vulnerability": {"vulnId": "CVE-2023-6345", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a9bfabed-c9c2-4145-8653-e4149396021d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Skia Integer Overflow Vulnerability | Affected: Google / Chromium Skia | Description: Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a malicious file. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-12-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. 
For more information, please see: https://chromereleases.googleblog.com/2023/11/stable-channel-update-for-desktop_28.html ;  https://nvd.nist.gov/vuln/detail/CVE-2023-6345"}, "references": [{"id": "CVE-2023-6345", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-6345"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-190"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium Skia", "due_date": "2023-12-21", "date_added": "2023-11-30", "vendorProject": "Google", "vulnerabilityName": "Google Skia Integer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "592b525e-7883-444e-b2e9-359de1814d5f", "vulnerability": {"vulnId": "CVE-2023-4911", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-21T00:00:00+00:00"}, "gcve": {"object_uuid": "592b525e-7883-444e-b2e9-359de1814d5f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-21T00:00:00Z"}, "scope": {"notes": "KEV entry: GNU C Library Buffer Overflow Vulnerability | Affected: GNU / GNU C Library | Description: GNU C Library's dynamic loader ld.so contains a buffer overflow vulnerability when processing the GLIBC_TUNABLES environment variable, allowing a local attacker to execute code with elevated privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-12-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on patching status. 
For more information, please see: https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=1056e5b4c3f2d90ed2b4a55f96add28da2f4c8fa, https://access.redhat.com/security/cve/cve-2023-4911, https://www.debian.org/security/2023/dsa-5514 ; https://nvd.nist.gov/vuln/detail/CVE-2023-4911  "}, "references": [{"id": "CVE-2023-4911", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-4911"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "GNU C Library", "due_date": "2023-12-12", "date_added": "2023-11-21", "vendorProject": "GNU", "vulnerabilityName": "GNU C Library Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b5dbf782-f223-4538-8588-dee1258fbcad", "vulnerability": {"vulnId": "CVE-2020-2551", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-16T00:00:00+00:00"}, "gcve": {"object_uuid": "b5dbf782-f223-4538-8588-dee1258fbcad", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-16T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Fusion Middleware Unspecified Vulnerability | Affected: Oracle / Fusion Middleware | Description: Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-12-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.oracle.com/security-alerts/cpujan2020.html; https://nvd.nist.gov/vuln/detail/CVE-2020-2551"}, "references": [{"id": "CVE-2020-2551", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-2551"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Fusion Middleware", "due_date": "2023-12-07", "date_added": "2023-11-16", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Fusion Middleware Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1e8bd832-0e95-4f01-84b1-6bd860b71a7d", "vulnerability": {"vulnId": "CVE-2023-1671", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-16T00:00:00+00:00"}, "gcve": {"object_uuid": "1e8bd832-0e95-4f01-84b1-6bd860b71a7d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-16T00:00:00Z"}, "scope": {"notes": "KEV entry: Sophos Web Appliance Command Injection Vulnerability | Affected: Sophos / Web Appliance | Description: Sophos Web Appliance contains a command injection vulnerability in the warn-proceed handler that allows for remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-12-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce;  https://nvd.nist.gov/vuln/detail/CVE-2023-1671"}, "references": [{"id": "CVE-2023-1671", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-1671"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Web Appliance", "due_date": "2023-12-07", "date_added": "2023-11-16", "vendorProject": "Sophos", "vulnerabilityName": "Sophos Web Appliance Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b96d6726-238a-4f11-aa7f-3f9b939ee373", "vulnerability": {"vulnId": "CVE-2023-36584", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-16T00:00:00+00:00"}, "gcve": {"object_uuid": "b96d6726-238a-4f11-aa7f-3f9b939ee373", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-16T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-12-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36584 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-36584"}, "references": [{"id": "CVE-2023-36584", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-36584"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2023-12-07", "date_added": "2023-11-16", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b2fd486d-65eb-4c1e-b3c0-fc3f1d294419", "vulnerability": {"vulnId": "CVE-2023-36036", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-14T00:00:00+00:00"}, "gcve": {"object_uuid": "b2fd486d-65eb-4c1e-b3c0-fc3f1d294419", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Cloud Files Mini Filter Driver contains a privilege escalation vulnerability that could allow an attacker to gain SYSTEM privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-12-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36036 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-36036"}, "references": [{"id": "CVE-2023-36036", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-36036"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2023-12-05", "date_added": "2023-11-14", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Cloud Files Mini Filter Driver Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a996d344-b7d6-4411-8b62-58e42ee6c18a", "vulnerability": {"vulnId": "CVE-2023-36025", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-14T00:00:00+00:00"}, "gcve": {"object_uuid": "a996d344-b7d6-4411-8b62-58e42ee6c18a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to bypass Windows Defender SmartScreen checks and their associated prompts. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-12-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36025;  https://nvd.nist.gov/vuln/detail/CVE-2023-36025"}, "references": [{"id": "CVE-2023-36025", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-36025"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2023-12-05", "date_added": "2023-11-14", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows SmartScreen Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b7db9e05-fb1c-481b-a154-6898d76eafee", "vulnerability": {"vulnId": "CVE-2023-36033", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-14T00:00:00+00:00"}, "gcve": {"object_uuid": "b7db9e05-fb1c-481b-a154-6898d76eafee", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-12-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36033 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-36033"}, "references": [{"id": "CVE-2023-36033", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-36033"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-822"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2023-12-05", "date_added": "2023-11-14", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e7ab5f67-ef1e-4b34-8203-41551dbac80a", "vulnerability": {"vulnId": "CVE-2023-36846", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-13T00:00:00+00:00"}, "gcve": {"object_uuid": "e7ab5f67-ef1e-4b34-8203-41551dbac80a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability | Affected: Juniper / Junos OS | Description: Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to user.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. \n| Due date: 2023-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US ;  https://nvd.nist.gov/vuln/detail/CVE-2023-36846"}, "references": [{"id": "CVE-2023-36846", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-36846"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Junos OS", "due_date": "2023-11-17", "date_added": "2023-11-13", "vendorProject": "Juniper", "vulnerabilityName": "Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0d90b801-ce04-4524-9b55-cddf617bfaf4", "vulnerability": {"vulnId": "CVE-2023-36844", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-13T00:00:00+00:00"}, "gcve": {"object_uuid": "0d90b801-ce04-4524-9b55-cddf617bfaf4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Juniper Junos OS EX Series PHP External Variable Modification Vulnerability | Affected: Juniper / Junos OS | Description: Juniper Junos OS on EX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control certain, important environment variables. Using a crafted request an attacker is able to modify certain PHP environment variables, leading to partial loss of integrity, which may allow chaining to other vulnerabilities. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. \n| Due date: 2023-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US ;  https://nvd.nist.gov/vuln/detail/CVE-2023-36844"}, "references": [{"id": "CVE-2023-36844", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-36844"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-473"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Junos OS", "due_date": "2023-11-17", "date_added": "2023-11-13", "vendorProject": "Juniper", "vulnerabilityName": "Juniper Junos OS EX Series PHP External Variable Modification Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "322461f5-55e0-4813-bf73-a4a7ed19a557", "vulnerability": {"vulnId": "CVE-2023-36845", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-13T00:00:00+00:00"}, "gcve": {"object_uuid": "322461f5-55e0-4813-bf73-a4a7ed19a557", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability | Affected: Juniper / Junos OS | Description: Juniper Junos OS on EX Series and SRX Series contains a PHP external variable modification vulnerability that allows an unauthenticated, network-based attacker to control an important environment variable. Using a crafted request, which sets the variable PHPRC, an attacker is able to modify the PHP execution environment allowing the injection and execution of code. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. \n| Due date: 2023-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US ;  https://nvd.nist.gov/vuln/detail/CVE-2023-36845"}, "references": [{"id": "CVE-2023-36845", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-36845"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-473"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Junos OS", "due_date": "2023-11-17", "date_added": "2023-11-13", "vendorProject": "Juniper", "vulnerabilityName": "Juniper Junos OS EX Series and SRX Series PHP External Variable Modification Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2561a637-cc13-4f79-ba6a-3821137d329e", "vulnerability": {"vulnId": "CVE-2023-36851", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-13T00:00:00+00:00"}, "gcve": {"object_uuid": "2561a637-cc13-4f79-ba6a-3821137d329e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability | Affected: Juniper / Junos OS | Description: Juniper Junos OS on SRX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauth_operation.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. \n| Due date: 2023-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US ;  https://nvd.nist.gov/vuln/detail/CVE-2023-36851"}, "references": [{"id": "CVE-2023-36851", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-36851"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Junos OS", "due_date": "2023-11-17", "date_added": "2023-11-13", "vendorProject": "Juniper", "vulnerabilityName": "Juniper Junos OS SRX Series Missing Authentication for Critical Function Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f2122385-8bad-4ada-ae59-182f7ae72b90", "vulnerability": {"vulnId": "CVE-2023-36847", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-13T00:00:00+00:00"}, "gcve": {"object_uuid": "f2122385-8bad-4ada-ae59-182f7ae72b90", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability | Affected: Juniper / Junos OS | Description: Juniper Junos OS on EX Series contains a missing authentication for critical function vulnerability that allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to installAppPackage.php that doesn't require authentication, an attacker is able to upload arbitrary files via J-Web, leading to a loss of integrity for a certain part of the file system, which may allow chaining to other vulnerabilities. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. \n| Due date: 2023-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US;  https://nvd.nist.gov/vuln/detail/CVE-2023-36847"}, "references": [{"id": "CVE-2023-36847", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-36847"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Junos OS", "due_date": "2023-11-17", "date_added": "2023-11-13", "vendorProject": "Juniper", "vulnerabilityName": "Juniper Junos OS EX Series Missing Authentication for Critical Function Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d39c441e-d3f7-4afe-9612-a2ec5cef042c", "vulnerability": {"vulnId": "CVE-2023-47246", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-13T00:00:00+00:00"}, "gcve": {"object_uuid": "d39c441e-d3f7-4afe-9612-a2ec5cef042c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-13T00:00:00Z"}, "scope": {"notes": "KEV entry: SysAid Server Path Traversal Vulnerability | Affected: SysAid / SysAid Server | Description: SysAid Server (on-premises version) contains a path traversal vulnerability that leads to code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-12-04 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification; https://nvd.nist.gov/vuln/detail/CVE-2023-47246"}, "references": [{"id": "CVE-2023-47246", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-47246"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SysAid Server", "due_date": "2023-12-04", "date_added": "2023-11-13", "vendorProject": "SysAid", "vulnerabilityName": "SysAid Server Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "a7b2e9e6-d290-41b3-af34-4085e8dafa7d", "vulnerability": {"vulnId": "CVE-2023-29552", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "a7b2e9e6-d290-41b3-af34-4085e8dafa7d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Service Location Protocol (SLP) Denial-of-Service Vulnerability | Affected: IETF / Service Location Protocol (SLP) | Description: The Service Location Protocol (SLP) contains a denial-of-service (DoS) vulnerability that could allow an unauthenticated, remote attacker to register services and use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor. | Required action: Apply mitigations per vendor instructions or disable SLP service or port 427/UDP on all systems running on untrusted networks, including those directly connected to the Internet. | Due date: 2023-11-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or a protocol used by different products. Please check with specific vendors for information on the patching status. \nFor more information please see https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp and https://www.cisa.gov/news-events/alerts/2023/04/25/abuse-service-location-protocol-may-lead-dos-attacks.;  https://nvd.nist.gov/vuln/detail/CVE-2023-29552"}, "references": [{"id": "CVE-2023-29552", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-29552"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Service Location Protocol (SLP)", "due_date": "2023-11-29", "date_added": "2023-11-08", "vendorProject": "IETF", "vulnerabilityName": "Service Location Protocol (SLP) Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bd02a2d0-e7cc-4f5c-ad6e-065f39d2f053", "vulnerability": {"vulnId": "CVE-2023-22518", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-07T00:00:00+00:00"}, "gcve": {"object_uuid": "bd02a2d0-e7cc-4f5c-ad6e-065f39d2f053", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Atlassian Confluence Data Center and Server Improper Authorization Vulnerability | Affected: Atlassian / Confluence Data Center and Server | Description: Atlassian Confluence Data Center and Server contain an improper authorization vulnerability that can result in significant data loss when exploited by an unauthenticated attacker. There is no impact on confidentiality since the attacker cannot exfiltrate any data. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-11-28 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-22518"}, "references": [{"id": "CVE-2023-22518", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-22518"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-863"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Confluence Data Center and Server", "due_date": "2023-11-28", "date_added": "2023-11-07", "vendorProject": "Atlassian", "vulnerabilityName": "Atlassian Confluence Data Center and Server Improper Authorization Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "eafa255c-065f-41f9-a401-581d793dafd1", "vulnerability": {"vulnId": "CVE-2023-46604", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-11-02T00:00:00+00:00"}, "gcve": {"object_uuid": "eafa255c-065f-41f9-a401-581d793dafd1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-11-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-11-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache ActiveMQ Deserialization of Untrusted Data Vulnerability | Affected: Apache / ActiveMQ | Description: Apache ActiveMQ contains a deserialization of untrusted data vulnerability that may allow a remote attacker with network access to a broker to run shell commands by manipulating serialized class types in the OpenWire protocol to cause the broker to instantiate any class on the classpath. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-11-23 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt; https://nvd.nist.gov/vuln/detail/CVE-2023-46604"}, "references": [{"id": "CVE-2023-46604", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-46604"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ActiveMQ", "due_date": "2023-11-23", "date_added": "2023-11-02", "vendorProject": "Apache", "vulnerabilityName": "Apache ActiveMQ Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "4137da82-781b-429c-836b-b4d741146c07", "vulnerability": {"vulnId": "CVE-2023-46748", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-31T00:00:00+00:00"}, "gcve": {"object_uuid": "4137da82-781b-429c-836b-b4d741146c07", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-31T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-31T00:00:00Z"}, "scope": {"notes": "KEV entry: F5 BIG-IP Configuration Utility SQL Injection Vulnerability | Affected: F5 / BIG-IP Configuration Utility | Description: F5 BIG-IP Configuration utility contains an SQL injection vulnerability that may allow an authenticated attacker with network access through the BIG-IP management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46747. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-11-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://my.f5.com/manage/s/article/K000137365 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-46748"}, "references": [{"id": "CVE-2023-46748", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-46748"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "BIG-IP Configuration Utility", "due_date": "2023-11-21", "date_added": "2023-10-31", "vendorProject": "F5", "vulnerabilityName": "F5 BIG-IP Configuration Utility SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f6086f88-03ef-4527-91b5-462904d2ace1", "vulnerability": {"vulnId": "CVE-2023-46747", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-31T00:00:00+00:00"}, "gcve": {"object_uuid": "f6086f88-03ef-4527-91b5-462904d2ace1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-31T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-31T00:00:00Z"}, "scope": {"notes": "KEV entry: F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability | Affected: F5 / BIG-IP Configuration Utility | Description: F5 BIG-IP Configuration utility contains an authentication bypass using an alternate path or channel vulnerability due to undisclosed requests that may allow an unauthenticated attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute system commands. This vulnerability can be used in conjunction with CVE-2023-46748. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-11-21 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://my.f5.com/manage/s/article/K000137353;   https://nvd.nist.gov/vuln/detail/CVE-2023-46747"}, "references": [{"id": "CVE-2023-46747", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-46747"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "BIG-IP Configuration Utility", "due_date": "2023-11-21", "date_added": "2023-10-31", "vendorProject": "F5", "vulnerabilityName": "F5 BIG-IP Configuration Utility Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "72b2c094-241b-4afb-89a0-01810c8aa47b", "vulnerability": {"vulnId": "CVE-2023-5631", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-26T00:00:00+00:00"}, "gcve": {"object_uuid": "72b2c094-241b-4afb-89a0-01810c8aa47b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-26T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-26T00:00:00Z"}, "scope": {"notes": "KEV entry: Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability | Affected: Roundcube / Webmail | Description: Roundcube Webmail contains a persistent cross-site scripting (XSS) vulnerability that allows a remote attacker to run malicious JavaScript code. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-11-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://roundcube.net/news/2023/10/16/security-update-1.6.4-released, https://roundcube.net/news/2023/10/16/security-updates-1.5.5-and-1.4.15 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-5631"}, "references": [{"id": "CVE-2023-5631", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-5631"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Webmail", "due_date": "2023-11-16", "date_added": "2023-10-26", "vendorProject": "Roundcube", "vulnerabilityName": "Roundcube Webmail Persistent Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b20afb65-0745-4292-9fae-3d42ff6b77d2", "vulnerability": {"vulnId": "CVE-2023-20273", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-23T00:00:00+00:00"}, "gcve": {"object_uuid": "b20afb65-0745-4292-9fae-3d42ff6b77d2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS XE Web UI Command Injection Vulnerability | Affected: Cisco / Cisco IOS XE Web UI | Description: Cisco IOS XE contains a command injection vulnerability in the web user interface. When chained with CVE-2023-20198, the attacker can leverage the new local user to elevate privilege to root and write the implant to the file system. Cisco identified CVE-2023-20273 as the vulnerability exploited to deploy the implant. CVE-2021-1435, previously associated with the exploitation events, is no longer believed to be related to this activity. | Required action: Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA. \n| Due date: 2023-10-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z;  https://nvd.nist.gov/vuln/detail/CVE-2023-20273"}, "references": [{"id": "CVE-2023-20273", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-20273"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Cisco IOS XE Web UI", "due_date": "2023-10-27", "date_added": "2023-10-23", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS XE Web UI Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a7d4f808-e166-454b-97a6-902803fe827b", "vulnerability": {"vulnId": "CVE-2023-4966", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-18T00:00:00+00:00"}, "gcve": {"object_uuid": "a7d4f808-e166-454b-97a6-902803fe827b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability | Affected: Citrix / NetScaler ADC and NetScaler Gateway | Description: Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server. | Required action: Apply mitigations and kill all active and persistent sessions per vendor instructions [https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/] OR discontinue use of the product if mitigations are unavailable. 
| Due date: 2023-11-08 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/, https://support.citrix.com/article/CTX579459/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20234966-and-cve20234967 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-4966"}, "references": [{"id": "CVE-2023-4966", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-4966"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetScaler ADC and NetScaler Gateway", "due_date": "2023-11-08", "date_added": "2023-10-18", "vendorProject": "Citrix", "vulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "2a36a238-3027-4949-ba46-84a2468a8683", "vulnerability": {"vulnId": "CVE-2023-20198", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-16T00:00:00+00:00"}, "gcve": {"object_uuid": "2a36a238-3027-4949-ba46-84a2468a8683", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-16T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS XE Web UI Privilege Escalation Vulnerability | Affected: Cisco / IOS XE Web UI | Description: Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device. | Required action: Verify that instances of Cisco IOS XE Web UI are in compliance with BOD 23-02 and apply mitigations per vendor instructions. For affected products (Cisco IOS XE Web UI exposed to the internet or to untrusted networks), follow vendor instructions to determine if a system may have been compromised and immediately report positive findings to CISA. 
| Due date: 2023-10-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/ios-xe-dublin-17121/221128-software-fix-availability-for-cisco-ios.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-20198"}, "references": [{"id": "CVE-2023-20198", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-20198"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-420"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS XE Web UI", "due_date": "2023-10-20", "date_added": "2023-10-16", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS XE Web UI Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "de69649c-6854-43a2-8738-5fabb8e829ea", "vulnerability": {"vulnId": "CVE-2023-41763", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-10T00:00:00+00:00"}, "gcve": {"object_uuid": "de69649c-6854-43a2-8738-5fabb8e829ea", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Skype for Business Privilege Escalation Vulnerability | Affected: Microsoft / Skype for Business | Description: Microsoft Skype for Business contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-31 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-41763;   https://nvd.nist.gov/vuln/detail/CVE-2023-41763"}, "references": [{"id": "CVE-2023-41763", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-41763"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Skype for Business", "due_date": "2023-10-31", "date_added": "2023-10-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Skype for Business Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4441842a-dcf2-4b86-a575-007bad2b482a", "vulnerability": {"vulnId": "CVE-2023-44487", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-10T00:00:00+00:00"}, "gcve": {"object_uuid": "4441842a-dcf2-4b86-a575-007bad2b482a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-10T00:00:00Z"}, "scope": {"notes": "KEV entry: HTTP/2 Rapid Reset Attack Vulnerability | Affected: IETF / HTTP/2 | Description: HTTP/2 contains a rapid reset vulnerability that allows for a distributed denial-of-service attack (DDoS). | Required action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-31 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): This vulnerability affects a common open-source component, third-party library, or protocol used by different products. For more information, please see: HTTP/2 Rapid Reset Vulnerability, CVE-2023-44487 | CISA: https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487; https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/;  https://nvd.nist.gov/vuln/detail/CVE-2023-44487"}, "references": [{"id": "CVE-2023-44487", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-44487"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-400"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "HTTP/2", "due_date": "2023-10-31", "date_added": "2023-10-10", "vendorProject": "IETF", "vulnerabilityName": "HTTP/2 Rapid Reset Attack Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e294de2d-b63b-4509-bf34-bca13f6b62d5", "vulnerability": {"vulnId": "CVE-2023-20109", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-10T00:00:00+00:00"}, "gcve": {"object_uuid": "e294de2d-b63b-4509-bf34-bca13f6b62d5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability | Affected: Cisco / IOS and IOS XE | Description: Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute malicious code or cause a device to crash. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-31 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-getvpn-rce-g8qR68sx;  https://nvd.nist.gov/vuln/detail/CVE-2023-20109"}, "references": [{"id": "CVE-2023-20109", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-20109"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE", "due_date": "2023-10-31", "date_added": "2023-10-10", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS and IOS XE Group Encrypted Transport VPN Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "be705179-3d7e-4533-a4d1-d17791a4a1b6", "vulnerability": {"vulnId": "CVE-2023-36563", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-10T00:00:00+00:00"}, "gcve": {"object_uuid": "be705179-3d7e-4533-a4d1-d17791a4a1b6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft WordPad Information Disclosure Vulnerability | Affected: Microsoft / WordPad | Description: Microsoft WordPad contains an unspecified vulnerability that allows for information disclosure. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-31 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36563;  https://nvd.nist.gov/vuln/detail/CVE-2023-36563"}, "references": [{"id": "CVE-2023-36563", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-36563"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WordPad", "due_date": "2023-10-31", "date_added": "2023-10-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft WordPad Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c7389b2a-2328-4d60-a696-9c822285bbe7", "vulnerability": {"vulnId": "CVE-2023-21608", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-10T00:00:00+00:00"}, "gcve": {"object_uuid": "c7389b2a-2328-4d60-a696-9c822285bbe7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Acrobat and Reader Use-After-Free Vulnerability | Affected: Adobe / Acrobat and Reader | Description: Adobe Acrobat and Reader contains a use-after-free vulnerability that allows for code execution in the context of the current user. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-31 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://helpx.adobe.com/security/products/acrobat/apsb23-01.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-21608"}, "references": [{"id": "CVE-2023-21608", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-21608"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Acrobat and Reader", "due_date": "2023-10-31", "date_added": "2023-10-10", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Acrobat and Reader Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f9e5acc3-6c90-4716-a692-1b5ea7d55a63", "vulnerability": {"vulnId": "CVE-2023-42824", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-05T00:00:00+00:00"}, "gcve": {"object_uuid": "f9e5acc3-6c90-4716-a692-1b5ea7d55a63", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability | Affected: Apple / iOS and iPadOS | Description: Apple iOS and iPadOS contain an unspecified vulnerability that allows for local privilege escalation. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213961;  https://nvd.nist.gov/vuln/detail/CVE-2023-42824"}, "references": [{"id": "CVE-2023-42824", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-42824"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS and iPadOS", "due_date": "2023-10-26", "date_added": "2023-10-05", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS and iPadOS Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3ea914ee-a850-4f6b-913b-b848fe79b325", "vulnerability": {"vulnId": "CVE-2023-40044", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-05T00:00:00+00:00"}, "gcve": {"object_uuid": "3ea914ee-a850-4f6b-913b-b848fe79b325", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability | Affected: Progress / WS_FTP Server | Description: Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-26 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023; https://nvd.nist.gov/vuln/detail/CVE-2023-40044"}, "references": [{"id": "CVE-2023-40044", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-40044"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WS_FTP Server", "due_date": "2023-10-26", "date_added": "2023-10-05", "vendorProject": "Progress", "vulnerabilityName": "Progress WS_FTP Server Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "a07b4140-f093-457c-90f5-bd5ce5e31683", "vulnerability": {"vulnId": "CVE-2023-22515", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-05T00:00:00+00:00"}, "gcve": {"object_uuid": "a07b4140-f093-457c-90f5-bd5ce5e31683", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Atlassian Confluence Data Center and Server Broken Access Control Vulnerability | Affected: Atlassian / Confluence Data Center and Server | Description: Atlassian Confluence Data Center and Server contains a broken access control vulnerability that allows an attacker to create unauthorized Confluence administrator accounts and access Confluence. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Check all affected Confluence instances for evidence of compromise per vendor instructions and report any positive findings to CISA. 
| Due date: 2023-10-13 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-22515"}, "references": [{"id": "CVE-2023-22515", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-22515"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Confluence Data Center and Server", "due_date": "2023-10-13", "date_added": "2023-10-05", "vendorProject": "Atlassian", "vulnerabilityName": "Atlassian Confluence Data Center and Server Broken Access Control Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "6be7461c-ed0c-4ccf-876c-8cfa9d0be2e7", "vulnerability": {"vulnId": "CVE-2023-42793", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-04T00:00:00+00:00"}, "gcve": {"object_uuid": "6be7461c-ed0c-4ccf-876c-8cfa9d0be2e7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-04T00:00:00Z"}, "scope": {"notes": "KEV entry: JetBrains TeamCity Authentication Bypass Vulnerability | Affected: JetBrains / TeamCity | Description: JetBrains TeamCity contains an authentication bypass vulnerability that allows for remote code execution on TeamCity Server. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-25 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://blog.jetbrains.com/teamcity/2023/09/critical-security-issue-affecting-teamcity-on-premises-update-to-2023-05-4-now/ ;  https://nvd.nist.gov/vuln/detail/CVE-2023-42793"}, "references": [{"id": "CVE-2023-42793", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-42793"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "TeamCity", "due_date": "2023-10-25", "date_added": "2023-10-04", "vendorProject": "JetBrains", "vulnerabilityName": "JetBrains TeamCity Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "5b549e4e-a327-4519-b117-70c5c2df9b88", "vulnerability": {"vulnId": "CVE-2023-28229", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-04T00:00:00+00:00"}, "gcve": {"object_uuid": "5b549e4e-a327-4519-b117-70c5c2df9b88", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability | Affected: Microsoft / Windows CNG Key Isolation Service | Description: Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain specific limited SYSTEM privileges. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-28229; https://nvd.nist.gov/vuln/detail/CVE-2023-28229"}, "references": [{"id": "CVE-2023-28229", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-28229"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-591"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows CNG Key Isolation Service", "due_date": "2023-10-25", "date_added": "2023-10-04", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b24ab48c-6058-475b-94f6-5d1a2e29ed0d", "vulnerability": {"vulnId": "CVE-2023-4211", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b24ab48c-6058-475b-94f6-5d1a2e29ed0d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability | Affected: Arm / Mali GPU Kernel Driver | Description: Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that allows a local, non-privileged user to make improper GPU memory processing operations to gain access to already freed memory. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities;  https://nvd.nist.gov/vuln/detail/CVE-2023-4211"}, "references": [{"id": "CVE-2023-4211", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-4211"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mali GPU Kernel Driver", "due_date": "2023-10-24", "date_added": "2023-10-03", "vendorProject": "Arm", "vulnerabilityName": "Arm Mali GPU Kernel Driver Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "74df2788-390f-45df-b8b2-7da229fb9084", "vulnerability": {"vulnId": "CVE-2023-5217", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-10-02T00:00:00+00:00"}, "gcve": {"object_uuid": "74df2788-390f-45df-b8b2-7da229fb9084", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-10-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-10-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium libvpx Heap Buffer Overflow Vulnerability | Affected: Google / Chromium libvpx | Description: Google Chromium libvpx contains a heap buffer overflow vulnerability in vp8 encoding that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could impact web browsers using libvpx, including but not limited to Google Chrome. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html; https://nvd.nist.gov/vuln/detail/CVE-2023-5217"}, "references": [{"id": "CVE-2023-5217", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-5217"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium libvpx", "due_date": "2023-10-23", "date_added": "2023-10-02", "vendorProject": "Google", "vulnerabilityName": "Google Chromium libvpx Heap Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f21bce52-5915-454e-a7a1-3beccf32d861", "vulnerability": {"vulnId": "CVE-2018-14667", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-28T00:00:00+00:00"}, "gcve": {"object_uuid": "f21bce52-5915-454e-a7a1-3beccf32d861", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability | Affected: Red Hat / JBoss RichFaces Framework | Description: Red Hat JBoss RichFaces Framework contains an expression language injection vulnerability via the UserResource resource. A remote, unauthenticated attacker could exploit this vulnerability to execute malicious code using a chain of Java serialized objects via org.ajax4jsf.resource.UserResource$UriData. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14667; https://nvd.nist.gov/vuln/detail/CVE-2018-14667"}, "references": [{"id": "CVE-2018-14667", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-14667"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "JBoss RichFaces Framework", "due_date": "2023-10-19", "date_added": "2023-09-28", "vendorProject": "Red Hat", "vulnerabilityName": "Red Hat JBoss RichFaces Framework Expression Language Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5b0c20de-fcf2-43d3-9e44-720cb815919f", "vulnerability": {"vulnId": "CVE-2023-41993", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-25T00:00:00+00:00"}, "gcve": {"object_uuid": "5b0c20de-fcf2-43d3-9e44-720cb815919f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products WebKit Code Execution Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213926, https://support.apple.com/en-us/HT213927, https://support.apple.com/en-us/HT213930;  https://nvd.nist.gov/vuln/detail/CVE-2023-41993"}, "references": [{"id": "CVE-2023-41993", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-41993"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-754"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2023-10-16", "date_added": "2023-09-25", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products WebKit Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c7016838-a381-4c1b-953c-3eb5a5a52011", "vulnerability": {"vulnId": "CVE-2023-41992", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-25T00:00:00+00:00"}, "gcve": {"object_uuid": "c7016838-a381-4c1b-953c-3eb5a5a52011", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Kernel Privilege Escalation Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and watchOS contain an unspecified vulnerability that allows for local privilege escalation. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213926, https://support.apple.com/en-us/HT213927, https://support.apple.com/en-us/HT213928, https://support.apple.com/en-us/HT213929, https://support.apple.com/en-us/HT213931, https://support.apple.com/en-us/HT213932;  https://nvd.nist.gov/vuln/detail/CVE-2023-41992"}, "references": [{"id": "CVE-2023-41992", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-41992"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-754"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2023-10-16", "date_added": "2023-09-25", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a783545e-dcb5-4a07-8f61-3d1603939e20", "vulnerability": {"vulnId": "CVE-2023-41991", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-25T00:00:00+00:00"}, "gcve": {"object_uuid": "a783545e-dcb5-4a07-8f61-3d1603939e20", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Improper Certificate Validation Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and watchOS contain an improper certificate validation vulnerability that can allow a malicious app to bypass signature validation. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213926, https://support.apple.com/en-us/HT213927, https://support.apple.com/en-us/HT213928, https://support.apple.com/en-us/HT213929, https://support.apple.com/en-us/HT213931 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-41991"}, "references": [{"id": "CVE-2023-41991", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-41991"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-295"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2023-10-16", "date_added": "2023-09-25", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Improper Certificate Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0a85d3d7-29b1-4745-a314-6ba21e8394e9", "vulnerability": {"vulnId": "CVE-2023-41179", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-21T00:00:00+00:00"}, "gcve": {"object_uuid": "0a85d3d7-29b1-4745-a314-6ba21e8394e9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability | Affected: Trend Micro / Apex One and Worry-Free Business Security | Description: Trend Micro Apex One and Worry-Free Business Security contain an unspecified vulnerability in the third-party anti-virus uninstaller that could allow an attacker to manipulate the module to conduct remote code execution. An attacker must first obtain administrative console access on the target system in order to exploit this vulnerability. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US ; https://nvd.nist.gov/vuln/detail/CVE-2023-41179"}, "references": [{"id": "CVE-2023-41179", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-41179"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Apex One and Worry-Free Business Security", "due_date": "2023-10-12", "date_added": "2023-09-21", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro Apex One and Worry-Free Business Security Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0df09428-2a3f-49b5-9106-82db439c7146", "vulnerability": {"vulnId": "CVE-2023-28434", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-19T00:00:00+00:00"}, "gcve": {"object_uuid": "0df09428-2a3f-49b5-9106-82db439c7146", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-19T00:00:00Z"}, "scope": {"notes": "KEV entry: MinIO Security Feature Bypass Vulnerability | Affected: MinIO / MinIO | Description: MinIO contains a security feature bypass vulnerability that allows an attacker to use crafted requests to bypass metadata bucket name checking and put an object into any bucket while processing `PostPolicyBucket` to conduct privilege escalation. To carry out this attack, the attacker requires credentials with `arn:aws:s3:::*` permission, as well as enabled Console API access. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/minio/minio/security/advisories/GHSA-2pxw-r47w-4p8c;  https://nvd.nist.gov/vuln/detail/CVE-2023-28434"}, "references": [{"id": "CVE-2023-28434", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-28434"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "MinIO", "due_date": "2023-10-10", "date_added": "2023-09-19", "vendorProject": "MinIO", "vulnerabilityName": "MinIO Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8983250d-1317-4527-be45-013d80916e29", "vulnerability": {"vulnId": "CVE-2014-8361", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "8983250d-1317-4527-be45-013d80916e29", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Realtek SDK Improper Input Validation Vulnerability | Affected: Realtek / SDK | Description: Realtek SDK contains an improper input validation vulnerability in the miniigd SOAP service that allows remote attackers to execute malicious code via a crafted NewInternalClient request. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://web.archive.org/web/20150831100501/http://securityadvisories.dlink.com/security/publication.aspx?name=SAP10055; https://nvd.nist.gov/vuln/detail/CVE-2014-8361"}, "references": [{"id": "CVE-2014-8361", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-8361"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SDK", "due_date": "2023-10-09", "date_added": "2023-09-18", "vendorProject": "Realtek", "vulnerabilityName": "Realtek SDK Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ad7f0cb9-8c13-480c-a32b-7fb1ff067546", "vulnerability": {"vulnId": "CVE-2021-3129", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "ad7f0cb9-8c13-480c-a32b-7fb1ff067546", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Laravel Ignition File Upload Vulnerability | Affected: Laravel / Ignition | Description: Laravel Ignition contains a file upload vulnerability that allows unauthenticated remote attackers to execute malicious code due to insecure usage of file_get_contents() and file_put_contents(). | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-09 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://github.com/facade/ignition/releases/tag/2.5.2; https://nvd.nist.gov/vuln/detail/CVE-2021-3129"}, "references": [{"id": "CVE-2021-3129", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-3129"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Ignition", "due_date": "2023-10-09", "date_added": "2023-09-18", "vendorProject": "Laravel", "vulnerabilityName": "Laravel Ignition File Upload Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "dcb976df-7aa3-4218-b22e-360d91c3d28e", "vulnerability": {"vulnId": "CVE-2017-6884", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "dcb976df-7aa3-4218-b22e-360d91c3d28e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Zyxel EMG2926 Routers Command Injection Vulnerability | Affected: Zyxel / EMG2926 Routers | Description: Zyxel EMG2926 routers contain a command injection vulnerability located in the diagnostic tools, specifically the nslookup function. A malicious user may exploit numerous vectors to execute malicious commands on the router, such as the ping_ip parameter to the expert/maintenance/diagnostic/nslookup URI. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-09 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-emg2926-q10a-ethernet-cpe, https://www.zyxelguard.com/Zyxel-EOL.asp; https://nvd.nist.gov/vuln/detail/CVE-2017-6884"}, "references": [{"id": "CVE-2017-6884", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-6884"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "EMG2926 Routers", "due_date": "2023-10-09", "date_added": "2023-09-18", "vendorProject": "Zyxel", "vulnerabilityName": "Zyxel EMG2926 Routers Command Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "456095ba-5517-43fb-94b3-be27764b101f", "vulnerability": {"vulnId": "CVE-2022-22265", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-18T00:00:00+00:00"}, "gcve": {"object_uuid": "456095ba-5517-43fb-94b3-be27764b101f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Samsung Mobile Devices Use-After-Free Vulnerability | Affected: Samsung / Mobile Devices | Description: Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.samsungmobile.com/securityUpdate.smsb?year=2022&month=1;  https://nvd.nist.gov/vuln/detail/CVE-2022-22265"}, "references": [{"id": "CVE-2022-22265", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22265"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-703"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mobile Devices", "due_date": "2023-10-09", "date_added": "2023-09-18", "vendorProject": "Samsung", "vulnerabilityName": "Samsung Mobile Devices Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "56e1812c-5ce8-4e96-b3bb-d0c056c232f3", "vulnerability": {"vulnId": "CVE-2023-26369", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-14T00:00:00+00:00"}, "gcve": {"object_uuid": "56e1812c-5ce8-4e96-b3bb-d0c056c232f3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability | Affected: Adobe / Acrobat and Reader | Description: Adobe Acrobat and Reader contains an out-of-bounds write vulnerability that allows for code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://helpx.adobe.com/security/products/acrobat/apsb23-34.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-26369"}, "references": [{"id": "CVE-2023-26369", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-26369"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Acrobat and Reader", "due_date": "2023-10-05", "date_added": "2023-09-14", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Acrobat and Reader Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9c66c1c7-ea90-437f-bd9a-10282031fb74", "vulnerability": {"vulnId": "CVE-2023-35674", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-13T00:00:00+00:00"}, "gcve": {"object_uuid": "9c66c1c7-ea90-437f-bd9a-10282031fb74", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Android Framework Privilege Escalation Vulnerability | Affected: Android / Framework | Description: Android Framework contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://source.android.com/docs/security/bulletin/2023-09-01;  https://nvd.nist.gov/vuln/detail/CVE-2023-35674"}, "references": [{"id": "CVE-2023-35674", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-35674"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Framework", "due_date": "2023-10-04", "date_added": "2023-09-13", "vendorProject": "Android", "vulnerabilityName": "Android Framework Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "eebff792-e646-4d39-a26c-52a1f308c0e9", "vulnerability": {"vulnId": "CVE-2023-20269", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-13T00:00:00+00:00"}, "gcve": {"object_uuid": "eebff792-e646-4d39-a26c-52a1f308c0e9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability | Affected: Cisco / Adaptive Security Appliance and Firepower Threat Defense | Description: Cisco Adaptive Security Appliance and Firepower Threat Defense contain an unauthorized access vulnerability that could allow an unauthenticated, remote attacker to conduct a brute force attack in an attempt to identify valid username and password combinations or establish a clientless SSL VPN session with an unauthorized user. | Required action: Apply mitigations per vendor instructions for group-lock and vpn-simultaneous-logins or discontinue use of the product for unsupported devices. | Due date: 2023-10-04 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC;  https://nvd.nist.gov/vuln/detail/CVE-2023-20269"}, "references": [{"id": "CVE-2023-20269", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-20269"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Adaptive Security Appliance and Firepower Threat Defense", "due_date": "2023-10-04", "date_added": "2023-09-13", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Adaptive Security Appliance and Firepower Threat Defense Unauthorized Access Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "76c80909-1637-4aa6-be6d-eb69244d4e8b", "vulnerability": {"vulnId": "CVE-2023-4863", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-13T00:00:00+00:00"}, "gcve": {"object_uuid": "76c80909-1637-4aa6-be6d-eb69244d4e8b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium WebP Heap-Based Buffer Overflow Vulnerability | Affected: Google / Chromium WebP | Description: Google Chromium WebP contains a heap-based buffer overflow vulnerability that allows a remote attacker to perform an out-of-bounds memory write via a crafted HTML page. This vulnerability can affect applications that use the WebP Codec. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_11.html?m=1; https://nvd.nist.gov/vuln/detail/CVE-2023-4863"}, "references": [{"id": "CVE-2023-4863", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-4863"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium WebP", "due_date": "2023-10-04", "date_added": "2023-09-13", "vendorProject": "Google", "vulnerabilityName": "Google Chromium WebP Heap-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b3e8b59e-63a3-45f3-bf86-e5f172e19a82", "vulnerability": {"vulnId": "CVE-2023-36761", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-12T00:00:00+00:00"}, "gcve": {"object_uuid": "b3e8b59e-63a3-45f3-bf86-e5f172e19a82", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Word Information Disclosure Vulnerability | Affected: Microsoft / Word | Description: Microsoft Word contains an unspecified vulnerability that allows for information disclosure. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36761;  https://nvd.nist.gov/vuln/detail/CVE-2023-36761"}, "references": [{"id": "CVE-2023-36761", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-36761"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-668"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Word", "due_date": "2023-10-03", "date_added": "2023-09-12", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Word Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9e463f47-0725-4e1b-99ec-c582e600a803", "vulnerability": {"vulnId": "CVE-2023-36802", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-12T00:00:00+00:00"}, "gcve": {"object_uuid": "9e463f47-0725-4e1b-99ec-c582e600a803", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Streaming Service Proxy Privilege Escalation Vulnerability | Affected: Microsoft / Streaming Service Proxy | Description: Microsoft Streaming Service Proxy contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36802;   https://nvd.nist.gov/vuln/detail/CVE-2023-36802"}, "references": [{"id": "CVE-2023-36802", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-36802"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Streaming Service Proxy", "due_date": "2023-10-03", "date_added": "2023-09-12", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Streaming Service Proxy Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "784088b1-d34e-48e0-8513-ba14396eff7d", "vulnerability": {"vulnId": "CVE-2023-41064", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-11T00:00:00+00:00"}, "gcve": {"object_uuid": "784088b1-d34e-48e0-8513-ba14396eff7d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability | Affected: Apple / iOS, iPadOS, and macOS | Description: Apple iOS, iPadOS, and macOS contain a buffer overflow vulnerability in ImageIO when processing a maliciously crafted image, which may lead to code execution. This vulnerability was chained with CVE-2023-41061. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213905, https://support.apple.com/en-us/HT213906; https://nvd.nist.gov/vuln/detail/CVE-2023-41064"}, "references": [{"id": "CVE-2023-41064", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-41064"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-120"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS, iPadOS, and macOS", "due_date": "2023-10-02", "date_added": "2023-09-11", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS, iPadOS, and macOS ImageIO Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bb5a5ebd-ffab-4b0f-ac7f-97a26982d9f0", "vulnerability": {"vulnId": "CVE-2023-41061", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-11T00:00:00+00:00"}, "gcve": {"object_uuid": "bb5a5ebd-ffab-4b0f-ac7f-97a26982d9f0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability | Affected: Apple / iOS, iPadOS, and watchOS | Description: Apple iOS, iPadOS, and watchOS contain an unspecified vulnerability due to a validation issue affecting Wallet in which a maliciously crafted attachment may result in code execution. This vulnerability was chained with CVE-2023-41064. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-10-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213905, https://support.apple.com/kb/HT213907; https://nvd.nist.gov/vuln/detail/CVE-2023-41061"}, "references": [{"id": "CVE-2023-41061", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-41061"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS, iPadOS, and watchOS", "due_date": "2023-10-02", "date_added": "2023-09-11", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS, iPadOS, and watchOS Wallet Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "31ef4cd6-0aac-4a34-9e6d-b07df6ae239f", "vulnerability": {"vulnId": "CVE-2023-33246", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-09-06T00:00:00+00:00"}, "gcve": {"object_uuid": "31ef4cd6-0aac-4a34-9e6d-b07df6ae239f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-09-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-09-06T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache RocketMQ Command Execution Vulnerability | Affected: Apache / RocketMQ | Description: Several components of Apache RocketMQ, including NameServer, Broker, and Controller, are exposed to the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that RocketMQ is running as or achieve the same effect by forging the RocketMQ protocol content. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-09-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://lists.apache.org/thread/1s8j2c8kogthtpv3060yddk03zq0pxyp;  https://nvd.nist.gov/vuln/detail/CVE-2023-33246"}, "references": [{"id": "CVE-2023-33246", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-33246"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "RocketMQ", "due_date": "2023-09-27", "date_added": "2023-09-06", "vendorProject": "Apache", "vulnerabilityName": "Apache RocketMQ Command Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5c6cb711-6e2c-4c94-beaa-e9aaf24c4a39", "vulnerability": {"vulnId": "CVE-2023-38831", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-24T00:00:00+00:00"}, "gcve": {"object_uuid": "5c6cb711-6e2c-4c94-beaa-e9aaf24c4a39", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-08-24T00:00:00Z"}, "scope": {"notes": "KEV entry: RARLAB WinRAR Code Execution Vulnerability | Affected: RARLAB / WinRAR | Description: RARLAB WinRAR contains an unspecified vulnerability that allows an attacker to execute code when a user attempts to view a benign file within a ZIP archive. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-09-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): http://www.win-rar.com/singlenewsview.html?&L=0&tx_ttnews%5Btt_news%5D=232&cHash=c5bf79590657e32554c6683296a8e8aa;  https://nvd.nist.gov/vuln/detail/CVE-2023-38831"}, "references": [{"id": "CVE-2023-38831", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-38831"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-351"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WinRAR", "due_date": "2023-09-14", "date_added": "2023-08-24", "vendorProject": "RARLAB", "vulnerabilityName": "RARLAB WinRAR Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "b5d080f8-4eac-404f-884e-120f53241976", "vulnerability": {"vulnId": "CVE-2023-32315", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-24T00:00:00+00:00"}, "gcve": {"object_uuid": "b5d080f8-4eac-404f-884e-120f53241976", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-08-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Ignite Realtime Openfire Path Traversal Vulnerability | Affected: Ignite Realtime / Openfire | Description: Ignite Realtime Openfire contains a path traversal vulnerability that allows an unauthenticated attacker to access restricted pages in the Openfire Admin Console reserved for administrative users. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-09-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.igniterealtime.org/downloads/#openfire;  https://nvd.nist.gov/vuln/detail/CVE-2023-32315"}, "references": [{"id": "CVE-2023-32315", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-32315"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Openfire", "due_date": "2023-09-14", "date_added": "2023-08-24", "vendorProject": "Ignite Realtime", "vulnerabilityName": "Ignite Realtime Openfire Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bd8c2bd2-f671-4943-90e4-4d5b0d6f4f8f", "vulnerability": {"vulnId": "CVE-2023-27532", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-22T00:00:00+00:00"}, "gcve": {"object_uuid": "bd8c2bd2-f671-4943-90e4-4d5b0d6f4f8f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-08-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability | Affected: Veeam / Backup & Replication | Description: Veeam Backup & Replication Cloud Connect component contains a missing authentication for critical function vulnerability that allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-09-12 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.veeam.com/kb4424;  https://nvd.nist.gov/vuln/detail/CVE-2023-27532"}, "references": [{"id": "CVE-2023-27532", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-27532"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Backup & Replication", "due_date": "2023-09-12", "date_added": "2023-08-22", "vendorProject": "Veeam", "vulnerabilityName": "Veeam Backup & Replication Cloud Connect Missing Authentication for Critical Function Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "3c83e699-090e-4ce6-a3b7-5d27724110f2", "vulnerability": {"vulnId": "CVE-2023-38035", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-22T00:00:00+00:00"}, "gcve": {"object_uuid": "3c83e699-090e-4ce6-a3b7-5d27724110f2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-08-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Sentry Authentication Bypass Vulnerability | Affected: Ivanti / Sentry | Description: Ivanti Sentry, formerly known as MobileIron Sentry, contains an authentication bypass vulnerability that may allow an attacker to bypass authentication controls on the administrative interface due to an insufficiently restrictive Apache HTTPD configuration. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-09-12 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US ;  https://nvd.nist.gov/vuln/detail/CVE-2023-38035"}, "references": [{"id": "CVE-2023-38035", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-38035"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-863"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Sentry", "due_date": "2023-09-12", "date_added": "2023-08-22", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Sentry Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "2cf50a8b-557f-41df-9110-8c80dee31012", "vulnerability": {"vulnId": "CVE-2023-26359", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-21T00:00:00+00:00"}, "gcve": {"object_uuid": "2cf50a8b-557f-41df-9110-8c80dee31012", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-08-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | Affected: Adobe / ColdFusion | Description: Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could result in code execution in the context of the current user. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-09-11 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-26359"}, "references": [{"id": "CVE-2023-26359", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-26359"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ColdFusion", "due_date": "2023-09-11", "date_added": "2023-08-21", "vendorProject": "Adobe", "vulnerabilityName": "Adobe ColdFusion Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d8e54719-9148-4307-85c1-d6a9c928e79c", "vulnerability": {"vulnId": "CVE-2023-24489", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-16T00:00:00+00:00"}, "gcve": {"object_uuid": "d8e54719-9148-4307-85c1-d6a9c928e79c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-08-16T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix Content Collaboration ShareFile Improper Access Control Vulnerability | Affected: Citrix / Content Collaboration | Description: Citrix Content Collaboration contains an improper access control vulnerability that could allow an unauthenticated attacker to remotely compromise customer-managed ShareFile storage zones controllers. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-09-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489;  https://nvd.nist.gov/vuln/detail/CVE-2023-24489"}, "references": [{"id": "CVE-2023-24489", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-24489"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Content Collaboration", "due_date": "2023-09-06", "date_added": "2023-08-16", "vendorProject": "Citrix", "vulnerabilityName": "Citrix Content Collaboration ShareFile Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5aaed536-280e-4079-a3df-9e01fb7c1e06", "vulnerability": {"vulnId": "CVE-2023-38180", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-09T00:00:00+00:00"}, "gcve": {"object_uuid": "5aaed536-280e-4079-a3df-9e01fb7c1e06", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-08-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability | Affected: Microsoft / .NET Core and Visual Studio | Description: Microsoft .NET Core and Visual Studio contain an unspecified vulnerability that allows for denial-of-service (DoS). | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-08-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-38180;  https://nvd.nist.gov/vuln/detail/CVE-2023-38180"}, "references": [{"id": "CVE-2023-38180", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-38180"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": ".NET Core and Visual Studio", "due_date": "2023-08-30", "date_added": "2023-08-09", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft .NET Core and Visual Studio Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "cf1a66ed-a3a7-492c-a335-06aaad620fc8", "vulnerability": {"vulnId": "CVE-2017-18368", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-08-07T00:00:00+00:00"}, "gcve": {"object_uuid": "cf1a66ed-a3a7-492c-a335-06aaad620fc8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-08-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-08-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Zyxel P660HN-T1A Routers Command Injection Vulnerability | Affected: Zyxel / P660HN-T1A Routers | Description: Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remote_host parameter of the ViewLog.asp page. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-08-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-a-new-variant-of-gafgyt-malware; https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-command-injection-vulnerability-in-p660hn-t1a-dsl-cpe; https://nvd.nist.gov/vuln/detail/CVE-2017-18368"}, "references": [{"id": "CVE-2017-18368", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-18368"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "P660HN-T1A Routers", "due_date": "2023-08-28", "date_added": "2023-08-07", "vendorProject": "Zyxel", "vulnerabilityName": "Zyxel P660HN-T1A Routers Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9c9c3bf1-75e3-49b7-804b-a88abed842fa", "vulnerability": {"vulnId": "CVE-2023-35081", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-31T00:00:00+00:00"}, "gcve": {"object_uuid": "9c9c3bf1-75e3-49b7-804b-a88abed842fa", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-31T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-07-31T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability | Affected: Ivanti / Endpoint Manager Mobile (EPMM) | Description: Ivanti Endpoint Manager Mobile (EPMM) contains a path traversal vulnerability that enables an authenticated administrator to perform malicious file writes to the EPMM server. This vulnerability can be used in conjunction with CVE-2023-35078 to bypass authentication and ACLs restrictions (if applicable). | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-08-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US;  https://nvd.nist.gov/vuln/detail/CVE-2023-35081"}, "references": [{"id": "CVE-2023-35081", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-35081"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Endpoint Manager Mobile (EPMM)", "due_date": "2023-08-21", "date_added": "2023-07-31", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0da10821-b44c-47e5-b21c-b30ec7bcae81", "vulnerability": {"vulnId": "CVE-2023-37580", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-27T00:00:00+00:00"}, "gcve": {"object_uuid": "0da10821-b44c-47e5-b21c-b30ec7bcae81", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-27T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-07-27T00:00:00Z"}, "scope": {"notes": "KEV entry: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | Affected: Synacor / Zimbra Collaboration Suite (ZCS) | Description: Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability impacting the confidentiality and integrity of data. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-08-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://wiki.zimbra.com/wiki/Security_Center ;  https://nvd.nist.gov/vuln/detail/CVE-2023-37580"}, "references": [{"id": "CVE-2023-37580", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-37580"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Zimbra Collaboration Suite (ZCS)", "due_date": "2023-08-17", "date_added": "2023-07-27", "vendorProject": "Synacor", "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d2fa8c74-162f-4e5e-82a1-7622b97cfc7c", "vulnerability": {"vulnId": "CVE-2023-38606", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-26T00:00:00+00:00"}, "gcve": {"object_uuid": "d2fa8c74-162f-4e5e-82a1-7622b97cfc7c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-26T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-07-26T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Kernel Unspecified Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, tvOS, and watchOS contain an unspecified vulnerability allowing an app to modify a sensitive kernel state. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-08-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213841, https://support.apple.com/en-us/HT213842, https://support.apple.com/en-us/HT213843,https://support.apple.com/en-us/HT213844,https://support.apple.com/en-us/HT213845,https://support.apple.com/en-us/HT213846,https://support.apple.com/en-us/HT213848 ;  https://nvd.nist.gov/vuln/detail/CVE-2023-38606"}, "references": [{"id": "CVE-2023-38606", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-38606"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2023-08-16", "date_added": "2023-07-26", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Kernel Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f1104074-6b2e-4c5e-980c-aa870316f943", "vulnerability": {"vulnId": "CVE-2023-35078", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-25T00:00:00+00:00"}, "gcve": {"object_uuid": "f1104074-6b2e-4c5e-980c-aa870316f943", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-07-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability | Affected: Ivanti / Endpoint Manager Mobile (EPMM) | Description: Ivanti Endpoint Manager Mobile (EPMM, previously branded MobileIron Core) contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information (PII) such as names, phone numbers, and other mobile device details for users on a vulnerable system. An attacker can also make other configuration changes including installing software and modifying security profiles on registered devices. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-08-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US;  https://nvd.nist.gov/vuln/detail/CVE-2023-35078"}, "references": [{"id": "CVE-2023-35078", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-35078"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Endpoint Manager Mobile (EPMM)", "due_date": "2023-08-15", "date_added": "2023-07-25", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "e63b5407-ac6e-407c-a839-adc664112c86", "vulnerability": {"vulnId": "CVE-2023-29298", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-20T00:00:00+00:00"}, "gcve": {"object_uuid": "e63b5407-ac6e-407c-a839-adc664112c86", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-20T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-07-20T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe ColdFusion Improper Access Control Vulnerability | Affected: Adobe / ColdFusion | Description: Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-08-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html; https://nvd.nist.gov/vuln/detail/CVE-2023-29298"}, "references": [{"id": "CVE-2023-29298", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-29298"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ColdFusion", "due_date": "2023-08-10", "date_added": "2023-07-20", "vendorProject": "Adobe", "vulnerabilityName": "Adobe ColdFusion Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "de7b9995-3df5-4c7b-b702-a9973e2624c4", "vulnerability": {"vulnId": "CVE-2023-38205", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-20T00:00:00+00:00"}, "gcve": {"object_uuid": "de7b9995-3df5-4c7b-b702-a9973e2624c4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-20T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-07-20T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe ColdFusion Improper Access Control Vulnerability | Affected: Adobe / ColdFusion | Description: Adobe ColdFusion contains an improper access control vulnerability that allows for a security feature bypass. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-08-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://helpx.adobe.com/security/products/coldfusion/apsb23-47.html ;  https://nvd.nist.gov/vuln/detail/CVE-2023-38205"}, "references": [{"id": "CVE-2023-38205", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-38205"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ColdFusion", "due_date": "2023-08-10", "date_added": "2023-07-20", "vendorProject": "Adobe", "vulnerabilityName": "Adobe ColdFusion Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1dc57b8d-60ca-4a5b-b6dd-b5ffe274915d", "vulnerability": {"vulnId": "CVE-2023-3519", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-19T00:00:00+00:00"}, "gcve": {"object_uuid": "1dc57b8d-60ca-4a5b-b6dd-b5ffe274915d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-07-19T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability | Affected: Citrix / NetScaler ADC and NetScaler Gateway | Description: Citrix NetScaler ADC and NetScaler Gateway contains a code injection vulnerability that allows for unauthenticated remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-08-09 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467;  https://nvd.nist.gov/vuln/detail/CVE-2023-3519"}, "references": [{"id": "CVE-2023-3519", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-3519"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetScaler ADC and NetScaler Gateway", "due_date": "2023-08-09", "date_added": "2023-07-19", "vendorProject": "Citrix", "vulnerabilityName": "Citrix NetScaler ADC and NetScaler Gateway Code Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "9da7409c-1f3f-44e3-ac8a-c2efd24e7882", "vulnerability": {"vulnId": "CVE-2023-36884", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-17T00:00:00+00:00"}, "gcve": {"object_uuid": "9da7409c-1f3f-44e3-ac8a-c2efd24e7882", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-07-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Search Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Search contains an unspecified vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file, leading to remote code execution. | Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. | Due date: 2023-08-29 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36884;  https://nvd.nist.gov/vuln/detail/CVE-2023-36884"}, "references": [{"id": "CVE-2023-36884", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-36884"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-362"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2023-08-29", "date_added": "2023-07-17", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Search Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "b8359bdc-86cb-451b-8b50-54ea3d4eea8b", "vulnerability": {"vulnId": "CVE-2022-29303", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-13T00:00:00+00:00"}, "gcve": {"object_uuid": "b8359bdc-86cb-451b-8b50-54ea3d4eea8b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-07-13T00:00:00Z"}, "scope": {"notes": "KEV entry: SolarView Compact Command Injection Vulnerability | Affected: SolarView / Compact | Description: SolarView Compact contains a command injection vulnerability due to improper validation of input values on the send test mail console of the product's web server. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable. | Due date: 2023-08-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://jvn.jp/en/vu/JVNVU92327282/;  https://nvd.nist.gov/vuln/detail/CVE-2022-29303"}, "references": [{"id": "CVE-2022-29303", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-29303"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Compact", "due_date": "2023-08-03", "date_added": "2023-07-13", "vendorProject": "SolarView", "vulnerabilityName": "SolarView Compact Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fe9bf68f-a9cc-428b-813b-a9172c037614", "vulnerability": {"vulnId": "CVE-2023-37450", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-13T00:00:00+00:00"}, "gcve": {"object_uuid": "fe9bf68f-a9cc-428b-813b-a9172c037614", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-07-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products WebKit Code Execution Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and Safari WebKit contain an unspecified vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable. | Due date: 2023-08-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213826, https://support.apple.com/en-us/HT213841, https://support.apple.com/en-us/HT213843, https://support.apple.com/en-us/HT213846, https://support.apple.com/en-us/HT213848;  https://nvd.nist.gov/vuln/detail/CVE-2023-37450"}, "references": [{"id": "CVE-2023-37450", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-37450"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2023-08-03", "date_added": "2023-07-13", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products WebKit Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3e0a61c9-27c3-4a2d-8419-a37174d6e6e0", "vulnerability": {"vulnId": "CVE-2023-36874", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-11T00:00:00+00:00"}, "gcve": {"object_uuid": "3e0a61c9-27c3-4a2d-8419-a37174d6e6e0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-07-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Error Reporting Service contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable. | Due date: 2023-08-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-36874;  https://nvd.nist.gov/vuln/detail/CVE-2023-36874"}, "references": [{"id": "CVE-2023-36874", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-36874"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-59"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2023-08-01", "date_added": "2023-07-11", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Error Reporting Service Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bf5b22fe-70a4-4a8c-8e42-2e6c2e766ffb", "vulnerability": {"vulnId": "CVE-2022-31199", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-11T00:00:00+00:00"}, "gcve": {"object_uuid": "bf5b22fe-70a4-4a8c-8e42-2e6c2e766ffb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-07-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Netwrix Auditor Insecure Object Deserialization Vulnerability | Affected: Netwrix / Auditor | Description: Netwrix Auditor User Activity Video Recording component contains an insecure object deserialization vulnerability that allows an unauthenticated, remote attacker to execute code as the NT AUTHORITY\\SYSTEM user. Successful exploitation requires that the attacker is able to reach port 9004/TCP, which is commonly blocked by standard enterprise firewalling. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable. | Due date: 2023-08-01 | Known ransomware campaign use (KEV): Known | Notes (KEV): Patch application requires login to customer portal: https://security.netwrix.com/Account/SignIn?ReturnUrl=%2FAdvisories%2FADV-2022-003;  https://nvd.nist.gov/vuln/detail/CVE-2022-31199"}, "references": [{"id": "CVE-2022-31199", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-31199"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502", "CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Auditor", "due_date": "2023-08-01", "date_added": "2023-07-11", "vendorProject": "Netwrix", "vulnerabilityName": "Netwrix Auditor Insecure Object Deserialization Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "f56611e9-2960-4084-a7c1-249e89de3dbd", "vulnerability": {"vulnId": "CVE-2023-35311", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-11T00:00:00+00:00"}, "gcve": {"object_uuid": "f56611e9-2960-4084-a7c1-249e89de3dbd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-07-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Outlook Security Feature Bypass Vulnerability | Affected: Microsoft / Outlook | Description: Microsoft Outlook contains a security feature bypass vulnerability that allows an attacker to bypass the Microsoft Outlook Security Notice prompt. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable. | Due date: 2023-08-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-35311;  https://nvd.nist.gov/vuln/detail/CVE-2023-35311"}, "references": [{"id": "CVE-2023-35311", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-35311"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-367"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Outlook", "due_date": "2023-08-01", "date_added": "2023-07-11", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Outlook Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "29c719b4-e6ff-4b99-a474-d8c6c7ae02c7", "vulnerability": {"vulnId": "CVE-2023-32046", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-11T00:00:00+00:00"}, "gcve": {"object_uuid": "29c719b4-e6ff-4b99-a474-d8c6c7ae02c7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-07-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable. | Due date: 2023-08-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32046;  https://nvd.nist.gov/vuln/detail/CVE-2023-32046"}, "references": [{"id": "CVE-2023-32046", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-32046"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2023-08-01", "date_added": "2023-07-11", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows MSHTML Platform Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d9a0d8dd-f7a7-4d2a-9f5d-6790f306027b", "vulnerability": {"vulnId": "CVE-2023-32049", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-11T00:00:00+00:00"}, "gcve": {"object_uuid": "d9a0d8dd-f7a7-4d2a-9f5d-6790f306027b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-07-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Defender SmartScreen contains a security feature bypass vulnerability that allows an attacker to bypass the Open File - Security Warning prompt. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable. | Due date: 2023-08-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-32049; https://nvd.nist.gov/vuln/detail/CVE-2023-32049"}, "references": [{"id": "CVE-2023-32049", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-32049"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2023-08-01", "date_added": "2023-07-11", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Defender SmartScreen Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9a30e9ca-de9d-4a11-a5bd-85f31674b88e", "vulnerability": {"vulnId": "CVE-2021-29256", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-07-07T00:00:00+00:00"}, "gcve": {"object_uuid": "9a30e9ca-de9d-4a11-a5bd-85f31674b88e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-07-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-07-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability | Affected: Arm / Mali Graphics Processing Unit (GPU) | Description: Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable. | Due date: 2023-07-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities; https://nvd.nist.gov/vuln/detail/CVE-2021-29256"}, "references": [{"id": "CVE-2021-29256", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-29256"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mali Graphics Processing Unit (GPU)", "due_date": "2023-07-28", "date_added": "2023-07-07", "vendorProject": "Arm", "vulnerabilityName": "Arm Mali GPU Kernel Driver Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "38fc959a-030f-4eb3-885a-92d16e30895d", "vulnerability": {"vulnId": "CVE-2019-20500", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-29T00:00:00+00:00"}, "gcve": {"object_uuid": "38fc959a-030f-4eb3-885a-92d16e30895d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-29T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DWL-2600AP Access Point Command Injection Vulnerability | Affected: D-Link / DWL-2600AP Access Point | Description: D-Link DWL-2600AP access point contains an authenticated command injection vulnerability via the Save Configuration functionality in the Web interface, using shell metacharacters in the admin.cgi?action=config_save configBackup or downloadServerip parameter. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable. | Due date: 2023-07-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10113; https://nvd.nist.gov/vuln/detail/CVE-2019-20500"}, "references": [{"id": "CVE-2019-20500", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-20500"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DWL-2600AP Access Point", "due_date": "2023-07-20", "date_added": "2023-06-29", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DWL-2600AP Access Point Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bc98fce2-a5ee-4292-b313-ad07af9f87c7", "vulnerability": {"vulnId": "CVE-2021-25371", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-29T00:00:00+00:00"}, "gcve": {"object_uuid": "bc98fce2-a5ee-4292-b313-ad07af9f87c7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Samsung Mobile Devices Unspecified Vulnerability | Affected: Samsung / Mobile Devices | Description: Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable | Due date: 2023-07-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=3; https://nvd.nist.gov/vuln/detail/CVE-2021-25371"}, "references": [{"id": "CVE-2021-25371", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-25371"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-912"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mobile Devices", "due_date": "2023-07-20", "date_added": "2023-06-29", "vendorProject": "Samsung", "vulnerabilityName": "Samsung Mobile Devices Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8ed9c965-fd0b-4703-b5e4-b0047fdf92b0", "vulnerability": {"vulnId": "CVE-2021-25395", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-29T00:00:00+00:00"}, "gcve": {"object_uuid": "8ed9c965-fd0b-4703-b5e4-b0047fdf92b0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Samsung Mobile Devices Race Condition Vulnerability | Affected: Samsung / Mobile Devices | Description: Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable | Due date: 2023-07-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5; https://nvd.nist.gov/vuln/detail/CVE-2021-25395"}, "references": [{"id": "CVE-2021-25395", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-25395"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-362"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mobile Devices", "due_date": "2023-07-20", "date_added": "2023-06-29", "vendorProject": "Samsung", "vulnerabilityName": "Samsung Mobile Devices Race Condition Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "320a7703-b867-4651-93d0-2882322a5747", "vulnerability": {"vulnId": "CVE-2021-25394", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-29T00:00:00+00:00"}, "gcve": {"object_uuid": "320a7703-b867-4651-93d0-2882322a5747", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Samsung Mobile Devices Race Condition Vulnerability | Affected: Samsung / Mobile Devices | Description: Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable | Due date: 2023-07-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=5; https://nvd.nist.gov/vuln/detail/CVE-2021-25394"}, "references": [{"id": "CVE-2021-25394", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-25394"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mobile Devices", "due_date": "2023-07-20", "date_added": "2023-06-29", "vendorProject": "Samsung", "vulnerabilityName": "Samsung Mobile Devices Race Condition Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "17b325fe-5478-4fd1-9563-ae7e0457ba79", "vulnerability": {"vulnId": "CVE-2021-25372", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-29T00:00:00+00:00"}, "gcve": {"object_uuid": "17b325fe-5478-4fd1-9563-ae7e0457ba79", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Samsung Mobile Devices Improper Boundary Check Vulnerability | Affected: Samsung / Mobile Devices | Description: Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable | Due date: 2023-07-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=3; https://nvd.nist.gov/vuln/detail/CVE-2021-25372"}, "references": [{"id": "CVE-2021-25372", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-25372"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mobile Devices", "due_date": "2023-07-20", "date_added": "2023-06-29", "vendorProject": "Samsung", "vulnerabilityName": "Samsung Mobile Devices Improper Boundary Check Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0cd20df2-cfef-4e0e-ae4c-2a770cfec9f8", "vulnerability": {"vulnId": "CVE-2021-25489", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-29T00:00:00+00:00"}, "gcve": {"object_uuid": "0cd20df2-cfef-4e0e-ae4c-2a770cfec9f8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Samsung Mobile Devices Improper Input Validation Vulnerability | Affected: Samsung / Mobile Devices | Description: Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable | Due date: 2023-07-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10; https://nvd.nist.gov/vuln/detail/CVE-2021-25489"}, "references": [{"id": "CVE-2021-25489", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-25489"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mobile Devices", "due_date": "2023-07-20", "date_added": "2023-06-29", "vendorProject": "Samsung", "vulnerabilityName": "Samsung Mobile Devices Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9ad3215f-edfa-40fc-90f5-c12c77f5048d", "vulnerability": {"vulnId": "CVE-2021-25487", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-29T00:00:00+00:00"}, "gcve": {"object_uuid": "9ad3215f-edfa-40fc-90f5-c12c77f5048d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Samsung Mobile Devices Out-of-Bounds Read Vulnerability | Affected: Samsung / Mobile Devices | Description: Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable | Due date: 2023-07-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10; https://nvd.nist.gov/vuln/detail/CVE-2021-25487"}, "references": [{"id": "CVE-2021-25487", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-25487"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-125"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mobile Devices", "due_date": "2023-07-20", "date_added": "2023-06-29", "vendorProject": "Samsung", "vulnerabilityName": "Samsung Mobile Devices Out-of-Bounds Read Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f39c8540-8e1f-41bc-9512-fb39f5121e2b", "vulnerability": {"vulnId": "CVE-2019-17621", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-29T00:00:00+00:00"}, "gcve": {"object_uuid": "f39c8540-8e1f-41bc-9512-fb39f5121e2b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-29T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DIR-859 Router Command Execution Vulnerability | Affected: D-Link / DIR-859 Router | Description: D-Link DIR-859 router contains a command execution vulnerability in the UPnP endpoint URL, /gena.cgi. Exploitation allows an unauthenticated remote attacker to execute system commands as root by sending a specially crafted HTTP SUBSCRIBE request to the UPnP service when connecting to the local network. | Required action: Apply updates per vendor instructions or discontinue use of the product if updates are unavailable. | Due date: 2023-07-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10147; https://nvd.nist.gov/vuln/detail/CVE-2019-17621"}, "references": [{"id": "CVE-2019-17621", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-17621"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DIR-859 Router", "due_date": "2023-07-20", "date_added": "2023-06-29", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DIR-859 Router Command Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "41a7ac4f-266e-408d-8d7f-592cb11a873d", "vulnerability": {"vulnId": "CVE-2023-32435", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-23T00:00:00+00:00"}, "gcve": {"object_uuid": "41a7ac4f-266e-408d-8d7f-592cb11a873d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products WebKit Memory Corruption Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and Safari WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2023-07-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213670, https://support.apple.com/en-us/HT213671, https://support.apple.com/en-us/HT213676, https://support.apple.com/en-us/HT213811;  https://nvd.nist.gov/vuln/detail/CVE-2023-32435"}, "references": [{"id": "CVE-2023-32435", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-32435"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2023-07-14", "date_added": "2023-06-23", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products WebKit Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a4a5f309-3149-4b71-aa53-5e75cd8d6d6d", "vulnerability": {"vulnId": "CVE-2023-20867", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-23T00:00:00+00:00"}, "gcve": {"object_uuid": "a4a5f309-3149-4b71-aa53-5e75cd8d6d6d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-23T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware Tools Authentication Bypass Vulnerability | Affected: VMware / Tools | Description: VMware Tools contains an authentication bypass vulnerability in the vgauth module. A fully compromised ESXi host can force VMware Tools to fail to authenticate host-to-guest operations, impacting the confidentiality and integrity of the guest virtual machine. An attacker must have root access over ESXi to exploit this vulnerability. | Required action: Apply updates per vendor instructions. | Due date: 2023-07-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.vmware.com/security/advisories/VMSA-2023-0013.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-20867"}, "references": [{"id": "CVE-2023-20867", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-20867"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Tools", "due_date": "2023-07-14", "date_added": "2023-06-23", "vendorProject": "VMware", "vulnerabilityName": "VMware Tools Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8ae351c7-437c-496f-a0e7-d745820f67b1", "vulnerability": {"vulnId": "CVE-2023-32434", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-23T00:00:00+00:00"}, "gcve": {"object_uuid": "8ae351c7-437c-496f-a0e7-d745820f67b1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Integer Overflow Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and watchOS contain an integer overflow vulnerability that could allow an application to execute code with kernel privileges. | Required action: Apply updates per vendor instructions. | Due date: 2023-07-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213808, https://support.apple.com/en-us/HT213812, https://support.apple.com/en-us/HT213809, https://support.apple.com/en-us/HT213810, https://support.apple.com/en-us/HT213813, https://support.apple.com/en-us/HT213811, https://support.apple.com/en-us/HT213814;  https://nvd.nist.gov/vuln/detail/CVE-2023-32434"}, "references": [{"id": "CVE-2023-32434", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-32434"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-190"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2023-07-14", "date_added": "2023-06-23", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Integer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "108dc425-827c-490b-bba2-d120469b7466", "vulnerability": {"vulnId": "CVE-2023-27992", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-23T00:00:00+00:00"}, "gcve": {"object_uuid": "108dc425-827c-490b-bba2-d120469b7466", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Zyxel Multiple NAS Devices Command Injection Vulnerability | Affected: Zyxel / Multiple Network-Attached Storage (NAS) Devices | Description: Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability that could allow an unauthenticated attacker to execute commands remotely via a crafted HTTP request. | Required action: Apply updates per vendor instructions. | Due date: 2023-07-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products;  https://nvd.nist.gov/vuln/detail/CVE-2023-27992"}, "references": [{"id": "CVE-2023-27992", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-27992"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Network-Attached Storage (NAS) Devices", "due_date": "2023-07-14", "date_added": "2023-06-23", "vendorProject": "Zyxel", "vulnerabilityName": "Zyxel Multiple NAS Devices Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a94af202-0895-48d9-9509-33ad07a2ba0a", "vulnerability": {"vulnId": "CVE-2023-32439", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-23T00:00:00+00:00"}, "gcve": {"object_uuid": "a94af202-0895-48d9-9509-33ad07a2ba0a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products WebKit Type Confusion Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and Safari WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2023-07-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213813, https://support.apple.com/en-us/HT213811, https://support.apple.com/en-us/HT213814, https://support.apple.com/en-us/HT213816;  https://nvd.nist.gov/vuln/detail/CVE-2023-32439"}, "references": [{"id": "CVE-2023-32439", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-32439"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2023-07-14", "date_added": "2023-06-23", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products WebKit Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "04e6e5e1-35b0-4111-83a5-368314541d33", "vulnerability": {"vulnId": "CVE-2016-9079", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-22T00:00:00+00:00"}, "gcve": {"object_uuid": "04e6e5e1-35b0-4111-83a5-368314541d33", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability | Affected: Mozilla / Firefox, Firefox ESR, and Thunderbird | Description: Mozilla Firefox, Firefox ESR, and Thunderbird contain a use-after-free vulnerability in SVG Animation, targeting Firefox and Tor browser users on Windows. | Required action: Apply updates per vendor instructions. | Due date: 2023-07-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/#CVE-2016-9079; https://nvd.nist.gov/vuln/detail/CVE-2016-9079"}, "references": [{"id": "CVE-2016-9079", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-9079"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firefox, Firefox ESR, and Thunderbird", "due_date": "2023-07-13", "date_added": "2023-06-22", "vendorProject": "Mozilla", "vulnerabilityName": "Mozilla Firefox, Firefox ESR, and Thunderbird Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f9e29de3-de6e-49e9-b42f-0c0ae2eecd1c", "vulnerability": {"vulnId": "CVE-2023-20887", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-22T00:00:00+00:00"}, "gcve": {"object_uuid": "f9e29de3-de6e-49e9-b42f-0c0ae2eecd1c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Vmware Aria Operations for Networks Command Injection Vulnerability | Affected: VMware / Aria Operations for Networks | Description: VMware Aria Operations for Networks (formerly vRealize Network Insight) contains a command injection vulnerability that allows a malicious actor with network access to perform an attack resulting in remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2023-07-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.vmware.com/security/advisories/VMSA-2023-0012.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-20887"}, "references": [{"id": "CVE-2023-20887", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-20887"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Aria Operations for Networks", "due_date": "2023-07-13", "date_added": "2023-06-22", "vendorProject": "VMware", "vulnerabilityName": "Vmware Aria Operations for Networks Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "18e629b2-d2d7-43f7-83df-abb829f8a82b", "vulnerability": {"vulnId": "CVE-2020-12641", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-22T00:00:00+00:00"}, "gcve": {"object_uuid": "18e629b2-d2d7-43f7-83df-abb829f8a82b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Roundcube Webmail Remote Code Execution Vulnerability | Affected: Roundcube / Roundcube Webmail | Description: Roundcube Webmail contains a remote code execution vulnerability that allows attackers to execute code via shell metacharacters in a configuration setting for im_convert_path or im_identify_path. | Required action: Apply updates per vendor instructions. | Due date: 2023-07-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://roundcube.net/news/2020/04/29/security-updates-1.4.4-1.3.11-and-1.2.10; https://nvd.nist.gov/vuln/detail/CVE-2020-12641"}, "references": [{"id": "CVE-2020-12641", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-12641"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Roundcube Webmail", "due_date": "2023-07-13", "date_added": "2023-06-22", "vendorProject": "Roundcube", "vulnerabilityName": "Roundcube Webmail Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "135f497f-240f-462b-ac1f-59bcba6c83ad", "vulnerability": {"vulnId": "CVE-2021-44026", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-22T00:00:00+00:00"}, "gcve": {"object_uuid": "135f497f-240f-462b-ac1f-59bcba6c83ad", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Roundcube Webmail SQL Injection Vulnerability | Affected: Roundcube / Roundcube Webmail | Description: Roundcube Webmail is vulnerable to SQL injection via search or search_params. | Required action: Apply updates per vendor instructions. | Due date: 2023-07-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://roundcube.net/news/2021/11/12/security-updates-1.4.12-and-1.3.17-released; https://nvd.nist.gov/vuln/detail/CVE-2021-44026"}, "references": [{"id": "CVE-2021-44026", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-44026"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Roundcube Webmail", "due_date": "2023-07-13", "date_added": "2023-06-22", "vendorProject": "Roundcube", "vulnerabilityName": "Roundcube Webmail SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "505403c7-9a75-4481-8548-63e87ce3d240", "vulnerability": {"vulnId": "CVE-2020-35730", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-22T00:00:00+00:00"}, "gcve": {"object_uuid": "505403c7-9a75-4481-8548-63e87ce3d240", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability | Affected: Roundcube / Roundcube Webmail | Description: Roundcube Webmail contains a cross-site scripting (XSS) vulnerability that allows an attacker to send a plain text e-mail message with Javascript in a link reference element that is mishandled by linkref_addinindex in rcube_string_replacer.php. | Required action: Apply updates per vendor instructions. | Due date: 2023-07-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://roundcube.net/news/2020/12/27/security-updates-1.4.10-1.3.16-and-1.2.13; https://nvd.nist.gov/vuln/detail/CVE-2020-35730"}, "references": [{"id": "CVE-2020-35730", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-35730"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Roundcube Webmail", "due_date": "2023-07-13", "date_added": "2023-06-22", "vendorProject": "Roundcube", "vulnerabilityName": "Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b0d8b2b1-b477-4ffe-ab38-1fdfba8f38c9", "vulnerability": {"vulnId": "CVE-2016-0165", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-22T00:00:00+00:00"}, "gcve": {"object_uuid": "b0d8b2b1-b477-4ffe-ab38-1fdfba8f38c9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2023-07-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://learn.microsoft.com/en-us/security-updates/securitybulletins/2016/ms16-039; https://nvd.nist.gov/vuln/detail/CVE-2016-0165"}, "references": [{"id": "CVE-2016-0165", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-0165"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2023-07-13", "date_added": "2023-06-22", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "346deb33-3493-4fb2-8ad7-b283e06e5fb1", "vulnerability": {"vulnId": "CVE-2023-27997", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-13T00:00:00+00:00"}, "gcve": {"object_uuid": "346deb33-3493-4fb2-8ad7-b283e06e5fb1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability | Affected: Fortinet / FortiOS and FortiProxy SSL-VPN | Description: Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests. | Required action: Apply updates per vendor instructions. | Due date: 2023-07-04 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.fortiguard.com/psirt/FG-IR-23-097;  https://nvd.nist.gov/vuln/detail/CVE-2023-27997"}, "references": [{"id": "CVE-2023-27997", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-27997"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiOS and FortiProxy SSL-VPN", "due_date": "2023-07-04", "date_added": "2023-06-13", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "418e040b-e593-47c7-9d0a-9595a5b0611e", "vulnerability": {"vulnId": "CVE-2023-3079", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-07T00:00:00+00:00"}, "gcve": {"object_uuid": "418e040b-e593-47c7-9d0a-9595a5b0611e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2023-06-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html; https://nvd.nist.gov/vuln/detail/CVE-2023-3079"}, "references": [{"id": "CVE-2023-3079", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-3079"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2023-06-28", "date_added": "2023-06-07", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3ba984a1-2150-4ca5-ba9b-a137c2549636", "vulnerability": {"vulnId": "CVE-2023-33010", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "3ba984a1-2150-4ca5-ba9b-a137c2549636", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Zyxel Multiple Firewalls Buffer Overflow Vulnerability | Affected: Zyxel / Multiple Firewalls | Description: Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the ID processing function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device. | Required action: Apply updates per vendor instructions. | Due date: 2023-06-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls;  https://nvd.nist.gov/vuln/detail/CVE-2023-33010"}, "references": [{"id": "CVE-2023-33010", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-33010"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-120"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Firewalls", "due_date": "2023-06-26", "date_added": "2023-06-05", "vendorProject": "Zyxel", "vulnerabilityName": "Zyxel Multiple Firewalls Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d9ec5534-4fa6-4376-bccc-ae093c8406c6", "vulnerability": {"vulnId": "CVE-2023-33009", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-05T00:00:00+00:00"}, "gcve": {"object_uuid": "d9ec5534-4fa6-4376-bccc-ae093c8406c6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Zyxel Multiple Firewalls Buffer Overflow Vulnerability | Affected: Zyxel / Multiple Firewalls | Description: Zyxel ATP, USG FLEX, USG FLEX 50(W), USG20(W)-VPN, VPN, and ZyWALL/USG firewalls contain a buffer overflow vulnerability in the notification function that could allow an unauthenticated attacker to cause denial-of-service (DoS) conditions and remote code execution on an affected device. | Required action: Apply updates per vendor instructions. | Due date: 2023-06-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls;  https://nvd.nist.gov/vuln/detail/CVE-2023-33009"}, "references": [{"id": "CVE-2023-33009", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-33009"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-120"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Firewalls", "due_date": "2023-06-26", "date_added": "2023-06-05", "vendorProject": "Zyxel", "vulnerabilityName": "Zyxel Multiple Firewalls Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1aae08d5-0d6f-43c1-b281-1655a25b7888", "vulnerability": {"vulnId": "CVE-2023-34362", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-06-02T00:00:00+00:00"}, "gcve": {"object_uuid": "1aae08d5-0d6f-43c1-b281-1655a25b7888", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-06-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-06-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Progress MOVEit Transfer SQL Injection Vulnerability | Affected: Progress / MOVEit Transfer | Description: Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements. | Required action: Apply updates per vendor instructions. | Due date: 2023-06-23 | Known ransomware campaign use (KEV): Known | Notes (KEV): This CVE has a CISA AA located here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a. Please see the AA for associated IOCs. Additional information is available at: https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023.;  https://nvd.nist.gov/vuln/detail/CVE-2023-34362"}, "references": [{"id": "CVE-2023-34362", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-34362"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "MOVEit Transfer", "due_date": "2023-06-23", "date_added": "2023-06-02", "vendorProject": "Progress", "vulnerabilityName": "Progress MOVEit Transfer SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "b5ab8151-f2a7-43d0-a530-fb60cf334e1a", "vulnerability": {"vulnId": "CVE-2023-28771", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-31T00:00:00+00:00"}, "gcve": {"object_uuid": "b5ab8151-f2a7-43d0-a530-fb60cf334e1a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-31T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-31T00:00:00Z"}, "scope": {"notes": "KEV entry: Zyxel Multiple Firewalls OS Command Injection Vulnerability | Affected: Zyxel / Multiple Firewalls | Description: Zyxel ATP, USG FLEX, VPN, and ZyWALL/USG firewalls allow for improper error message handling which could allow an unauthenticated attacker to execute OS commands remotely by sending crafted packets to an affected device. | Required action: Apply updates per vendor instructions. | Due date: 2023-06-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls;   https://nvd.nist.gov/vuln/detail/CVE-2023-28771"}, "references": [{"id": "CVE-2023-28771", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-28771"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Firewalls", "due_date": "2023-06-21", "date_added": "2023-05-31", "vendorProject": "Zyxel", "vulnerabilityName": "Zyxel Multiple Firewalls OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3ee4c088-3947-42e2-8846-739ec86c9420", "vulnerability": {"vulnId": "CVE-2023-2868", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-26T00:00:00+00:00"}, "gcve": {"object_uuid": "3ee4c088-3947-42e2-8846-739ec86c9420", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-26T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-26T00:00:00Z"}, "scope": {"notes": "KEV entry: Barracuda Networks ESG Appliance Improper Input Validation Vulnerability | Affected: Barracuda Networks / Email Security Gateway (ESG) Appliance | Description: Barracuda Email Security Gateway (ESG) appliance contains an improper input validation vulnerability of a user-supplied .tar file, leading to remote command injection. | Required action: Apply updates per vendor instructions. | Due date: 2023-06-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://status.barracuda.com/incidents/34kx82j5n4q9;  https://nvd.nist.gov/vuln/detail/CVE-2023-2868"}, "references": [{"id": "CVE-2023-2868", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-2868"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Email Security Gateway (ESG) Appliance", "due_date": "2023-06-16", "date_added": "2023-05-26", "vendorProject": "Barracuda Networks", "vulnerabilityName": "Barracuda Networks ESG Appliance Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "52292b92-1289-4879-9dc9-c53ac3e4ec7f", "vulnerability": {"vulnId": "CVE-2023-28204", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-22T00:00:00+00:00"}, "gcve": {"object_uuid": "52292b92-1289-4879-9dc9-c53ac3e4ec7f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an out-of-bounds read vulnerability that may disclose sensitive information when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2023-06-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/HT213757, https://support.apple.com/HT213758, https://support.apple.com/HT213761, https://support.apple.com/HT213762, https://support.apple.com/HT213764, https://support.apple.com/HT213765;  https://nvd.nist.gov/vuln/detail/CVE-2023-28204"}, "references": [{"id": "CVE-2023-28204", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-28204"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-125"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2023-06-12", "date_added": "2023-05-22", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products WebKit Out-of-Bounds Read Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9fb9da51-9490-4ab7-921e-a59ae5fdf66f", "vulnerability": {"vulnId": "CVE-2023-32373", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-22T00:00:00+00:00"}, "gcve": {"object_uuid": "9fb9da51-9490-4ab7-921e-a59ae5fdf66f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products WebKit Use-After-Free Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2023-06-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/HT213757, https://support.apple.com/HT213758, https://support.apple.com/HT213761, https://support.apple.com/HT213762, https://support.apple.com/HT213764, https://support.apple.com/HT213765; https://nvd.nist.gov/vuln/detail/CVE-2023-32373"}, "references": [{"id": "CVE-2023-32373", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-32373"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2023-06-12", "date_added": "2023-05-22", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products WebKit Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "67bad172-a655-4972-a924-4062d1e36514", "vulnerability": {"vulnId": "CVE-2023-32409", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-22T00:00:00+00:00"}, "gcve": {"object_uuid": "67bad172-a655-4972-a924-4062d1e36514", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products WebKit Sandbox Escape Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit contain an unspecified vulnerability that can allow a remote attacker to break out of the Web Content sandbox. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2023-06-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/HT213757, https://support.apple.com/HT213758, https://support.apple.com/HT213761, https://support.apple.com/HT213762, https://support.apple.com/HT213764, https://support.apple.com/HT213765; https://nvd.nist.gov/vuln/detail/CVE-2023-32409"}, "references": [{"id": "CVE-2023-32409", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-32409"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2023-06-12", "date_added": "2023-05-22", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products WebKit Sandbox Escape Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c8f8cc6b-95d5-4889-a483-982d9a646ff7", "vulnerability": {"vulnId": "CVE-2023-21492", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-19T00:00:00+00:00"}, "gcve": {"object_uuid": "c8f8cc6b-95d5-4889-a483-982d9a646ff7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-19T00:00:00Z"}, "scope": {"notes": "KEV entry: Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability | Affected: Samsung / Mobile Devices | Description: Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass. | Required action: Apply updates per vendor instructions. | Due date: 2023-06-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.samsungmobile.com/securityUpdate.smsb;  https://nvd.nist.gov/vuln/detail/CVE-2023-21492"}, "references": [{"id": "CVE-2023-21492", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-21492"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-532"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mobile Devices", "due_date": "2023-06-09", "date_added": "2023-05-19", "vendorProject": "Samsung", "vulnerabilityName": "Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c71578bd-496f-488d-a363-5bd90a5485b6", "vulnerability": {"vulnId": "CVE-2004-1464", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-19T00:00:00+00:00"}, "gcve": {"object_uuid": "c71578bd-496f-488d-a363-5bd90a5485b6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-19T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS Denial-of-Service Vulnerability | Affected: Cisco / IOS | Description: Cisco IOS contains an unspecified vulnerability that may block further telnet, reverse telnet, Remote Shell (RSH), Secure Shell (SSH), and in some cases, Hypertext Transport Protocol (HTTP) access to the Cisco device. | Required action: Apply updates per vendor instructions. | Due date: 2023-06-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20040827-telnet; https://nvd.nist.gov/vuln/detail/CVE-2004-1464"}, "references": [{"id": "CVE-2004-1464", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2004-1464"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS", "due_date": "2023-06-09", "date_added": "2023-05-19", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "234c8d93-b8a1-4fc0-927e-eb855390074a", "vulnerability": {"vulnId": "CVE-2016-6415", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-19T00:00:00+00:00"}, "gcve": {"object_uuid": "234c8d93-b8a1-4fc0-927e-eb855390074a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-19T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability | Affected: Cisco / IOS, IOS XR, and IOS XE | Description: Cisco IOS, IOS XR, and IOS XE contain insufficient condition checks in the part of the code that handles Internet Key Exchange version 1 (IKEv1) security negotiation requests, resulting in an information disclosure vulnerability in IKEv1 that could allow an attacker to retrieve memory contents. Successful exploitation could allow the attacker to retrieve memory contents, which can lead to information disclosure. | Required action: Apply updates per vendor instructions. | Due date: 2023-06-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1; https://nvd.nist.gov/vuln/detail/CVE-2016-6415"}, "references": [{"id": "CVE-2016-6415", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-6415"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS, IOS XR, and IOS XE", "due_date": "2023-06-09", "date_added": "2023-05-19", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2acf1b60-8bdc-45a3-82f1-b983f55668f3", "vulnerability": {"vulnId": "CVE-2021-3560", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-12T00:00:00+00:00"}, "gcve": {"object_uuid": "2acf1b60-8bdc-45a3-82f1-b983f55668f3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Red Hat Polkit Incorrect Authorization Vulnerability | Affected: Red Hat / Polkit | Description: Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2023-06-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://bugzilla.redhat.com/show_bug.cgi?id=1961710; https://nvd.nist.gov/vuln/detail/CVE-2021-3560"}, "references": [{"id": "CVE-2021-3560", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-3560"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-863"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Polkit", "due_date": "2023-06-02", "date_added": "2023-05-12", "vendorProject": "Red Hat", "vulnerabilityName": "Red Hat Polkit Incorrect Authorization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c7bba0cc-c87f-4f5e-a580-06521f318daf", "vulnerability": {"vulnId": "CVE-2016-3427", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-12T00:00:00+00:00"}, "gcve": {"object_uuid": "c7bba0cc-c87f-4f5e-a580-06521f318daf", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Java SE and JRockit Unspecified Vulnerability | Affected: Oracle / Java SE and JRockit | Description: Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web service. | Required action: Apply updates per vendor instructions. | Due date: 2023-06-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.oracle.com/security-alerts/cpuapr2016v3.html; https://nvd.nist.gov/vuln/detail/CVE-2016-3427"}, "references": [{"id": "CVE-2016-3427", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-3427"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Java SE and JRockit", "due_date": "2023-06-02", "date_added": "2023-05-12", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Java SE and JRockit Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4a778bca-6e51-4166-971e-398b4c7ddf94", "vulnerability": {"vulnId": "CVE-2015-5317", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-12T00:00:00+00:00"}, "gcve": {"object_uuid": "4a778bca-6e51-4166-971e-398b4c7ddf94", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Jenkins User Interface (UI) Information Disclosure Vulnerability | Affected: Jenkins / Jenkins User Interface (UI) | Description: Jenkins User Interface (UI) contains an information disclosure vulnerability that allows users to see the names of jobs and builds otherwise inaccessible to them on the \"Fingerprints\" pages. | Required action: Apply updates per vendor instructions. | Due date: 2023-06-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.jenkins.io/security/advisory/2015-11-11/; https://nvd.nist.gov/vuln/detail/CVE-2015-5317"}, "references": [{"id": "CVE-2015-5317", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-5317"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Jenkins User Interface (UI)", "due_date": "2023-06-02", "date_added": "2023-05-12", "vendorProject": "Jenkins", "vulnerabilityName": "Jenkins User Interface (UI) Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7836c1f0-6a99-468e-bc24-6d8fc363433c", "vulnerability": {"vulnId": "CVE-2016-8735", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-12T00:00:00+00:00"}, "gcve": {"object_uuid": "7836c1f0-6a99-468e-bc24-6d8fc363433c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Tomcat Remote Code Execution Vulnerability | Affected: Apache / Tomcat | Description: Apache Tomcat contains an unspecified vulnerability that allows for remote code execution if JmxRemoteLifecycleListener is used and an attacker can reach Java Management Extension (JMX) ports. This CVE exists because this listener wasn't updated for consistency with the Oracle patched issues for CVE-2016-3427 which affected credential types. | Required action: Apply updates per vendor instructions. | Due date: 2023-06-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://tomcat.apache.org/security-9.html; https://nvd.nist.gov/vuln/detail/CVE-2016-8735"}, "references": [{"id": "CVE-2016-8735", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-8735"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Tomcat", "due_date": "2023-06-02", "date_added": "2023-05-12", "vendorProject": "Apache", "vulnerabilityName": "Apache Tomcat Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6af0b57b-a0d7-4c26-b727-ba346fff2936", "vulnerability": {"vulnId": "CVE-2023-25717", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-12T00:00:00+00:00"}, "gcve": {"object_uuid": "6af0b57b-a0d7-4c26-b727-ba346fff2936", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Multiple Ruckus Wireless Products CSRF and RCE Vulnerability | Affected: Ruckus Wireless / Multiple Products | Description: Ruckus Wireless Access Point (AP) software contains an unspecified vulnerability in the web services component. If the web services component is enabled on the AP, an attacker can perform cross-site request forgery (CSRF) or remote code execution (RCE). This vulnerability impacts Ruckus ZoneDirector, SmartZone, and Solo APs. | Required action: Apply updates per vendor instructions or disconnect product if it is end-of-life. | Due date: 2023-06-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.ruckuswireless.com/security_bulletins/315;  https://nvd.nist.gov/vuln/detail/CVE-2023-25717"}, "references": [{"id": "CVE-2023-25717", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-25717"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2023-06-02", "date_added": "2023-05-12", "vendorProject": "Ruckus Wireless", "vulnerabilityName": "Multiple Ruckus Wireless Products CSRF and RCE Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fbd727ed-c7df-4d00-a9a3-a9bd94c078df", "vulnerability": {"vulnId": "CVE-2010-3904", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-12T00:00:00+00:00"}, "gcve": {"object_uuid": "fbd727ed-c7df-4d00-a9a3-a9bd94c078df", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Improper Input Validation Vulnerability | Affected: Linux / Kernel | Description: Linux Kernel contains an improper input validation vulnerability in the Reliable Datagram Sockets (RDS) protocol implementation that allows local users to gain privileges via crafted use of the sendmsg and recvmsg system calls. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2023-06-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://lkml.iu.edu/hypermail/linux/kernel/1601.3/06474.html; https://nvd.nist.gov/vuln/detail/CVE-2010-3904"}, "references": [{"id": "CVE-2010-3904", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-3904"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2023-06-02", "date_added": "2023-05-12", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4459cd35-997e-48e6-ac74-4492acaa8f4e", "vulnerability": {"vulnId": "CVE-2014-0196", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-12T00:00:00+00:00"}, "gcve": {"object_uuid": "4459cd35-997e-48e6-ac74-4492acaa8f4e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Race Condition Vulnerability | Affected: Linux / Kernel | Description: Linux Kernel contains a race condition vulnerability within the n_tty_write function that allows local users to cause a denial-of-service (DoS) or gain privileges via read and write operations with long strings. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2023-06-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://lkml.iu.edu/hypermail/linux/kernel/1609.1/02103.html; https://nvd.nist.gov/vuln/detail/CVE-2014-0196"}, "references": [{"id": "CVE-2014-0196", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-0196"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-362"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2023-06-02", "date_added": "2023-05-12", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Race Condition Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fe98d2c9-f512-4f9d-82bc-7bf85cc8d3b4", "vulnerability": {"vulnId": "CVE-2023-29336", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-09T00:00:00+00:00"}, "gcve": {"object_uuid": "fe98d2c9-f512-4f9d-82bc-7bf85cc8d3b4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32K Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation up to SYSTEM privileges. | Required action: Apply updates per vendor instructions. | Due date: 2023-05-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-29336; https://nvd.nist.gov/vuln/detail/CVE-2023-29336"}, "references": [{"id": "CVE-2023-29336", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-29336"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2023-05-30", "date_added": "2023-05-09", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32K Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "dd2724a3-2b91-4945-b347-63624e8875d8", "vulnerability": {"vulnId": "CVE-2023-1389", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-01T00:00:00+00:00"}, "gcve": {"object_uuid": "dd2724a3-2b91-4945-b347-63624e8875d8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-01T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-01T00:00:00Z"}, "scope": {"notes": "KEV entry: TP-Link Archer AX-21 Command Injection Vulnerability | Affected: TP-Link / Archer AX21 | Description: TP-Link Archer AX-21 contains a command injection vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2023-05-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.tp-link.com/us/support/download/archer-ax21/v3/#Firmware;  https://nvd.nist.gov/vuln/detail/CVE-2023-1389"}, "references": [{"id": "CVE-2023-1389", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-1389"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Archer AX21", "due_date": "2023-05-22", "date_added": "2023-05-01", "vendorProject": "TP-Link", "vulnerabilityName": "TP-Link Archer AX-21 Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f3aa2676-c093-4d57-9d05-af8a1125e178", "vulnerability": {"vulnId": "CVE-2021-45046", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-01T00:00:00+00:00"}, "gcve": {"object_uuid": "f3aa2676-c093-4d57-9d05-af8a1125e178", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-01T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-01T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Log4j2 Deserialization of Untrusted Data Vulnerability | Affected: Apache / Log4j2 | Description: Apache Log4j2 contains a deserialization of untrusted data vulnerability due to the incomplete fix of CVE-2021-44228, where the Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-default configurations. | Required action: Apply updates per vendor instructions. | Due date: 2023-05-22 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://logging.apache.org/log4j/2.x/security.html; https://nvd.nist.gov/vuln/detail/CVE-2021-45046"}, "references": [{"id": "CVE-2021-45046", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-45046"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-917"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Log4j2", "due_date": "2023-05-22", "date_added": "2023-05-01", "vendorProject": "Apache", "vulnerabilityName": "Apache Log4j2 Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "628ebdf4-b837-4278-a32e-ed554a315e56", "vulnerability": {"vulnId": "CVE-2023-21839", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-05-01T00:00:00+00:00"}, "gcve": {"object_uuid": "628ebdf4-b837-4278-a32e-ed554a315e56", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-05-01T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-05-01T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle WebLogic Server Unspecified Vulnerability | Affected: Oracle / WebLogic Server | Description: Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server. | Required action: Apply updates per vendor instructions. | Due date: 2023-05-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.oracle.com/security-alerts/cpujan2023.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-21839"}, "references": [{"id": "CVE-2023-21839", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-21839"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WebLogic Server", "due_date": "2023-05-22", "date_added": "2023-05-01", "vendorProject": "Oracle", "vulnerabilityName": "Oracle WebLogic Server Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "594660d6-f394-4235-82c8-90b23155ab6c", "vulnerability": {"vulnId": "CVE-2023-2136", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-21T00:00:00+00:00"}, "gcve": {"object_uuid": "594660d6-f394-4235-82c8-90b23155ab6c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-04-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chrome Skia Integer Overflow Vulnerability | Affected: Google / Chromium Skia | Description: Google Chromium Skia contains an integer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects Google Chrome and ChromeOS, Android, Flutter, and possibly other products. | Required action: Apply updates per vendor instructions. | Due date: 2023-05-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-2136"}, "references": [{"id": "CVE-2023-2136", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-2136"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-190"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium Skia", "due_date": "2023-05-12", "date_added": "2023-04-21", "vendorProject": "Google", "vulnerabilityName": "Google Chrome Skia Integer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6a42255d-ab36-4a3c-ba02-d798c1278e9e", "vulnerability": {"vulnId": "CVE-2023-27350", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-21T00:00:00+00:00"}, "gcve": {"object_uuid": "6a42255d-ab36-4a3c-ba02-d798c1278e9e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-04-21T00:00:00Z"}, "scope": {"notes": "KEV entry: PaperCut MF/NG Improper Access Control Vulnerability | Affected: PaperCut / MF/NG | Description: PaperCut MF/NG contains an improper access control vulnerability within the SetupCompleted class that allows authentication bypass and code execution in the context of system. | Required action: Apply updates per vendor instructions. | Due date: 2023-05-12 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.papercut.com/kb/Main/PO-1216-and-PO-1219;  https://nvd.nist.gov/vuln/detail/CVE-2023-27350"}, "references": [{"id": "CVE-2023-27350", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-27350"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "MF/NG", "due_date": "2023-05-12", "date_added": "2023-04-21", "vendorProject": "PaperCut", "vulnerabilityName": "PaperCut MF/NG Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "732e55ae-b898-42da-a434-7bcdc36380f6", "vulnerability": {"vulnId": "CVE-2023-28432", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-21T00:00:00+00:00"}, "gcve": {"object_uuid": "732e55ae-b898-42da-a434-7bcdc36380f6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-04-21T00:00:00Z"}, "scope": {"notes": "KEV entry: MinIO Information Disclosure Vulnerability | Affected: MinIO / MinIO | Description: MinIO contains a vulnerability in a cluster deployment where MinIO returns all environment variables, which allows for information disclosure. | Required action: Apply updates per vendor instructions. | Due date: 2023-05-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/minio/minio/security/advisories/GHSA-6xvq-wj2x-3h3q; https://nvd.nist.gov/vuln/detail/CVE-2023-28432"}, "references": [{"id": "CVE-2023-28432", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-28432"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "MinIO", "due_date": "2023-05-12", "date_added": "2023-04-21", "vendorProject": "MinIO", "vulnerabilityName": "MinIO Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0f850047-4f0b-445c-ae55-b276040fcb59", "vulnerability": {"vulnId": "CVE-2017-6742", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-19T00:00:00+00:00"}, "gcve": {"object_uuid": "0f850047-4f0b-445c-ae55-b276040fcb59", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-04-19T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | Affected: Cisco / IOS and IOS XE Software | Description: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. | Required action: Apply updates per vendor instructions. | Due date: 2023-05-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp; https://nvd.nist.gov/vuln/detail/CVE-2017-6742"}, "references": [{"id": "CVE-2017-6742", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-6742"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE Software", "due_date": "2023-05-10", "date_added": "2023-04-19", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "db867160-d5d7-42c9-9e00-e70a3948ca1c", "vulnerability": {"vulnId": "CVE-2019-8526", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-17T00:00:00+00:00"}, "gcve": {"object_uuid": "db867160-d5d7-42c9-9e00-e70a3948ca1c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-04-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple macOS Use-After-Free Vulnerability | Affected: Apple / macOS | Description: Apple macOS contains a use-after-free vulnerability that could allow for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2023-05-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT209600; https://nvd.nist.gov/vuln/detail/CVE-2019-8526"}, "references": [{"id": "CVE-2019-8526", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-8526"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "macOS", "due_date": "2023-05-08", "date_added": "2023-04-17", "vendorProject": "Apple", "vulnerabilityName": "Apple macOS Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "cf939064-80a0-4ae4-8c28-487662ba7ac3", "vulnerability": {"vulnId": "CVE-2023-2033", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-17T00:00:00+00:00"}, "gcve": {"object_uuid": "cf939064-80a0-4ae4-8c28-487662ba7ac3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-04-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2023-05-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-2033"}, "references": [{"id": "CVE-2023-2033", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-2033"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2023-05-08", "date_added": "2023-04-17", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "11298999-a48b-4206-94d4-a8cce902a285", "vulnerability": {"vulnId": "CVE-2023-20963", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "11298999-a48b-4206-94d4-a8cce902a285", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-04-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Android Framework Privilege Escalation Vulnerability | Affected: Android / Framework | Description: Android Framework contains an unspecified vulnerability that allows for privilege escalation after updating an app to a higher Target SDK with no additional execution privileges needed. | Required action: Apply updates per vendor instructions. | Due date: 2023-05-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://source.android.com/docs/security/bulletin/2023-03-01;  https://nvd.nist.gov/vuln/detail/CVE-2023-20963"}, "references": [{"id": "CVE-2023-20963", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-20963"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-295"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Framework", "due_date": "2023-05-04", "date_added": "2023-04-13", "vendorProject": "Android", "vulnerabilityName": "Android Framework Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "615674bd-9447-4395-bc1b-1547a08a9341", "vulnerability": {"vulnId": "CVE-2023-29492", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "615674bd-9447-4395-bc1b-1547a08a9341", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-04-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Novi Survey Insecure Deserialization Vulnerability | Affected: Novi Survey / Novi Survey | Description: Novi Survey contains an insecure deserialization vulnerability that allows remote attackers to execute code on the server in the context of the service account. | Required action: Apply updates per vendor instructions. | Due date: 2023-05-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://novisurvey.net/blog/novi-survey-security-advisory-apr-2023.aspx; https://nvd.nist.gov/vuln/detail/CVE-2023-29492"}, "references": [{"id": "CVE-2023-29492", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-29492"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Novi Survey", "due_date": "2023-05-04", "date_added": "2023-04-13", "vendorProject": "Novi Survey", "vulnerabilityName": "Novi Survey Insecure Deserialization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4114d4d4-145b-4f8a-a2b7-956f4cca0040", "vulnerability": {"vulnId": "CVE-2023-28252", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "4114d4d4-145b-4f8a-a2b7-956f4cca0040", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-04-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2023-05-02 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-28252;  https://nvd.nist.gov/vuln/detail/CVE-2023-28252"}, "references": [{"id": "CVE-2023-28252", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-28252"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2023-05-02", "date_added": "2023-04-11", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "54845993-9430-4338-8d0d-a5c87dce6d3e", "vulnerability": {"vulnId": "CVE-2023-28206", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-10T00:00:00+00:00"}, "gcve": {"object_uuid": "54845993-9430-4338-8d0d-a5c87dce6d3e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-04-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability | Affected: Apple / iOS, iPadOS, and macOS | Description: Apple iOS, iPadOS, and macOS IOSurfaceAccelerator contain an out-of-bounds write vulnerability that allows an app to execute code with kernel privileges. | Required action: Apply updates per vendor instructions. | Due date: 2023-05-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213720, https://support.apple.com/en-us/HT213721; https://nvd.nist.gov/vuln/detail/CVE-2023-28206"}, "references": [{"id": "CVE-2023-28206", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-28206"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS, iPadOS, and macOS", "due_date": "2023-05-01", "date_added": "2023-04-10", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS, iPadOS, and macOS IOSurfaceAccelerator Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e4a35cb8-2038-489d-ae49-8b892473f7a9", "vulnerability": {"vulnId": "CVE-2023-28205", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-10T00:00:00+00:00"}, "gcve": {"object_uuid": "e4a35cb8-2038-489d-ae49-8b892473f7a9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-04-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products WebKit Use-After-Free Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and Safari WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2023-05-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213720,https://support.apple.com/en-us/HT213721,https://support.apple.com/en-us/HT213722,https://support.apple.com/en-us/HT213723;  https://nvd.nist.gov/vuln/detail/CVE-2023-28205"}, "references": [{"id": "CVE-2023-28205", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-28205"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2023-05-01", "date_added": "2023-04-10", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products WebKit Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "05de01e6-4fcc-4324-9c1f-1a3a6b967154", "vulnerability": {"vulnId": "CVE-2023-26083", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-07T00:00:00+00:00"}, "gcve": {"object_uuid": "05de01e6-4fcc-4324-9c1f-1a3a6b967154", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-04-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Arm Mali GPU Kernel Driver Information Disclosure Vulnerability | Affected: Arm / Mali Graphics Processing Unit (GPU) | Description: Arm Mali GPU Kernel Driver contains an information disclosure vulnerability that allows a non-privileged user to make valid GPU processing operations that expose sensitive kernel metadata. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities;  https://nvd.nist.gov/vuln/detail/CVE-2023-26083"}, "references": [{"id": "CVE-2023-26083", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-26083"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-401"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mali Graphics Processing Unit (GPU)", "due_date": "2023-04-28", "date_added": "2023-04-07", "vendorProject": "Arm", "vulnerabilityName": "Arm Mali GPU Kernel Driver Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "69c2bbb8-9db3-478c-bfac-40f615b5d907", "vulnerability": {"vulnId": "CVE-2021-27877", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-07T00:00:00+00:00"}, "gcve": {"object_uuid": "69c2bbb8-9db3-478c-bfac-40f615b5d907", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-04-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Veritas Backup Exec Agent Improper Authentication Vulnerability | Affected: Veritas / Backup Exec Agent | Description: Veritas Backup Exec (BE) Agent contains an improper authentication vulnerability that could allow an attacker unauthorized access to the BE Agent via SHA authentication scheme. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-28 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.veritas.com/support/en_US/security/VTS21-001; https://nvd.nist.gov/vuln/detail/CVE-2021-27877"}, "references": [{"id": "CVE-2021-27877", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27877"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Backup Exec Agent", "due_date": "2023-04-28", "date_added": "2023-04-07", "vendorProject": "Veritas", "vulnerabilityName": "Veritas Backup Exec Agent Improper Authentication Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "00298946-2045-4a16-9631-eb48a4e01e31", "vulnerability": {"vulnId": "CVE-2021-27876", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-07T00:00:00+00:00"}, "gcve": {"object_uuid": "00298946-2045-4a16-9631-eb48a4e01e31", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-04-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Veritas Backup Exec Agent File Access Vulnerability | Affected: Veritas / Backup Exec Agent | Description: Veritas Backup Exec (BE) Agent contains a file access vulnerability that could allow an attacker to specially craft input parameters on a data management protocol command to access files on the BE Agent machine. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-28 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.veritas.com/support/en_US/security/VTS21-001; https://nvd.nist.gov/vuln/detail/CVE-2021-27876"}, "references": [{"id": "CVE-2021-27876", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27876"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Backup Exec Agent", "due_date": "2023-04-28", "date_added": "2023-04-07", "vendorProject": "Veritas", "vulnerabilityName": "Veritas Backup Exec Agent File Access Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "891c12e8-4f86-4a44-be53-01f5e866cd4d", "vulnerability": {"vulnId": "CVE-2021-27878", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-07T00:00:00+00:00"}, "gcve": {"object_uuid": "891c12e8-4f86-4a44-be53-01f5e866cd4d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-04-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Veritas Backup Exec Agent Command Execution Vulnerability | Affected: Veritas / Backup Exec Agent | Description: Veritas Backup Exec (BE) Agent contains a command execution vulnerability that could allow an attacker to use a data management protocol command to execute a command on the BE Agent machine. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-28 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.veritas.com/support/en_US/security/VTS21-001; https://nvd.nist.gov/vuln/detail/CVE-2021-27878"}, "references": [{"id": "CVE-2021-27878", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27878"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Backup Exec Agent", "due_date": "2023-04-28", "date_added": "2023-04-07", "vendorProject": "Veritas", "vulnerabilityName": "Veritas Backup Exec Agent Command Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "bd82096b-94ab-4aea-8f81-d10e1e70c410", "vulnerability": {"vulnId": "CVE-2019-1388", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-07T00:00:00+00:00"}, "gcve": {"object_uuid": "bd82096b-94ab-4aea-8f81-d10e1e70c410", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-04-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Certificate Dialog contains a privilege escalation vulnerability, allowing attackers to run processes in an elevated context. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-28 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1388; https://nvd.nist.gov/vuln/detail/CVE-2019-1388"}, "references": [{"id": "CVE-2019-1388", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1388"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2023-04-28", "date_added": "2023-04-07", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Certificate Dialog Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "34458a75-2d82-4e03-9785-bc38c0481013", "vulnerability": {"vulnId": "CVE-2022-27926", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-04-03T00:00:00+00:00"}, "gcve": {"object_uuid": "34458a75-2d82-4e03-9785-bc38c0481013", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-04-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-04-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | Affected: Synacor / Zimbra Collaboration Suite (ZCS) | Description: Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability by allowing an endpoint URL to accept parameters without sanitizing. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://wiki.zimbra.com/wiki/Security_Center;  https://nvd.nist.gov/vuln/detail/CVE-2022-27926"}, "references": [{"id": "CVE-2022-27926", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-27926"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79", "CWE-138"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Zimbra Collaboration Suite (ZCS)", "due_date": "2023-04-24", "date_added": "2023-04-03", "vendorProject": "Synacor", "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "de9d216e-dc48-4a87-926e-66a4d81eb7cc", "vulnerability": {"vulnId": "CVE-2013-3163", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "de9d216e-dc48-4a87-926e-66a4d81eb7cc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial of service via a crafted website. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2023-04-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://learn.microsoft.com/en-us/security-updates/securitybulletins/2013/ms13-055; https://nvd.nist.gov/vuln/detail/CVE-2013-3163"}, "references": [{"id": "CVE-2013-3163", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-3163"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2023-04-20", "date_added": "2023-03-30", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a17d340e-6173-450b-984f-3ae924ef01c0", "vulnerability": {"vulnId": "CVE-2023-0266", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "a17d340e-6173-450b-984f-3ae924ef01c0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Use-After-Free Vulnerability | Affected: Linux / Kernel | Description: Linux kernel contains a use-after-free vulnerability that allows for privilege escalation to gain ring0 access from the system user. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git/tree/queue-5.10/alsa-pcm-move-rwsem-lock-inside-snd_ctl_elem_read-to-prevent-uaf.patch?id=72783cf35e6c55bca84c4bb7b776c58152856fd4;  https://nvd.nist.gov/vuln/detail/CVE-2023-0266"}, "references": [{"id": "CVE-2023-0266", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-0266"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2023-04-20", "date_added": "2023-03-30", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9a2f8a52-d17a-41e0-8407-6532c0cc9156", "vulnerability": {"vulnId": "CVE-2021-30900", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9a2f8a52-d17a-41e0-8407-6532c0cc9156", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability | Affected: Apple / iOS, iPadOS, and macOS | Description: Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT21286, https://support.apple.com/en-us/HT212868, https://support.apple.com/kb/HT212872; https://nvd.nist.gov/vuln/detail/CVE-2021-30900"}, "references": [{"id": "CVE-2021-30900", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30900"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS, iPadOS, and macOS", "due_date": "2023-04-20", "date_added": "2023-03-30", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f656aab1-ee01-4c55-904c-566d2b970d52", "vulnerability": {"vulnId": "CVE-2022-39197", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "f656aab1-ee01-4c55-904c-566d2b970d52", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability | Affected: Fortra / Cobalt Strike | Description: Fortra Cobalt Strike contains a cross-site scripting (XSS) vulnerability in Teamserver that would allow an attacker to set a malformed username in the Beacon configuration, allowing them to execute code remotely. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-1/;  https://nvd.nist.gov/vuln/detail/CVE-2022-39197"}, "references": [{"id": "CVE-2022-39197", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-39197"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Cobalt Strike", "due_date": "2023-04-20", "date_added": "2023-03-30", "vendorProject": "Fortra", "vulnerabilityName": "Fortra Cobalt Strike Teamserver Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1cad130a-cd54-49c2-8a8d-cf5c0b7a6398", "vulnerability": {"vulnId": "CVE-2022-38181", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "1cad130a-cd54-49c2-8a8d-cf5c0b7a6398", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Arm Mali GPU Kernel Driver Use-After-Free Vulnerability | Affected: Arm / Mali Graphics Processing Unit (GPU) | Description: Arm Mali GPU Kernel Driver contains a use-after-free vulnerability that may allow a non-privileged user to gain root privilege and/or disclose information. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities;  https://nvd.nist.gov/vuln/detail/CVE-2022-38181"}, "references": [{"id": "CVE-2022-38181", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-38181"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mali Graphics Processing Unit (GPU)", "due_date": "2023-04-20", "date_added": "2023-03-30", "vendorProject": "Arm", "vulnerabilityName": "Arm Mali GPU Kernel Driver Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "67eb13c5-9af3-462b-8d1e-298844348adf", "vulnerability": {"vulnId": "CVE-2022-22706", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "67eb13c5-9af3-462b-8d1e-298844348adf", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Arm Mali GPU Kernel Driver Unspecified Vulnerability | Affected: Arm / Mali Graphics Processing Unit (GPU) | Description: Arm Mali GPU Kernel Driver contains an unspecified vulnerability that allows a non-privileged user to achieve write access to read-only memory pages. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities;  https://nvd.nist.gov/vuln/detail/CVE-2022-22706"}, "references": [{"id": "CVE-2022-22706", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22706"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mali Graphics Processing Unit (GPU)", "due_date": "2023-04-20", "date_added": "2023-03-30", "vendorProject": "Arm", "vulnerabilityName": "Arm Mali GPU Kernel Driver Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9f483b0e-3a88-4398-a949-9b4063af414c", "vulnerability": {"vulnId": "CVE-2017-7494", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "9f483b0e-3a88-4398-a949-9b4063af414c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Samba Remote Code Execution Vulnerability | Affected: Samba / Samba | Description: Samba contains a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share and then cause the server to load and execute it. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-20 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.samba.org/samba/security/CVE-2017-7494.html; https://nvd.nist.gov/vuln/detail/CVE-2017-7494"}, "references": [{"id": "CVE-2017-7494", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-7494"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Samba", "due_date": "2023-04-20", "date_added": "2023-03-30", "vendorProject": "Samba", "vulnerabilityName": "Samba Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "6c51b343-6c7d-4b70-babe-8606c243d2c3", "vulnerability": {"vulnId": "CVE-2022-42948", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "6c51b343-6c7d-4b70-babe-8606c243d2c3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability | Affected: Fortra / Cobalt Strike | Description: Fortra Cobalt Strike User Interface contains an unspecified vulnerability rooted in Java Swing that may allow remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.cobaltstrike.com/blog/out-of-band-update-cobalt-strike-4-7-2/;  https://nvd.nist.gov/vuln/detail/CVE-2022-42948"}, "references": [{"id": "CVE-2022-42948", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-42948"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79", "CWE-116"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Cobalt Strike", "due_date": "2023-04-20", "date_added": "2023-03-30", "vendorProject": "Fortra", "vulnerabilityName": "Fortra Cobalt Strike User Interface Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "36a82c0e-04ed-4a43-a398-d9d6b8400a8b", "vulnerability": {"vulnId": "CVE-2022-3038", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-30T00:00:00+00:00"}, "gcve": {"object_uuid": "36a82c0e-04ed-4a43-a398-d9d6b8400a8b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium Network Service Use-After-Free Vulnerability | Affected: Google / Chromium Network Service | Description: Google Chromium Network Service contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-20 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html;  https://nvd.nist.gov/vuln/detail/CVE-2022-3038"}, "references": [{"id": "CVE-2022-3038", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-3038"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium Network Service", "due_date": "2023-04-20", "date_added": "2023-03-30", "vendorProject": "Google", "vulnerabilityName": "Google Chromium Network Service Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9af4ec8b-686c-43b0-b61d-cf3865baef35", "vulnerability": {"vulnId": "CVE-2023-26360", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "9af4ec8b-686c-43b0-b61d-cf3865baef35", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | Affected: Adobe / ColdFusion | Description: Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html;  https://nvd.nist.gov/vuln/detail/CVE-2023-26360"}, "references": [{"id": "CVE-2023-26360", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-26360"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ColdFusion", "due_date": "2023-04-05", "date_added": "2023-03-15", "vendorProject": "Adobe", "vulnerabilityName": "Adobe ColdFusion Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0c32e511-6f90-4926-9023-8dc29dff5854", "vulnerability": {"vulnId": "CVE-2023-24880", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-14T00:00:00+00:00"}, "gcve": {"object_uuid": "0c32e511-6f90-4926-9023-8dc29dff5854", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows SmartScreen Security Feature Bypass Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-04 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-24880;  https://nvd.nist.gov/vuln/detail/CVE-2023-24880"}, "references": [{"id": "CVE-2023-24880", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-24880"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-863"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2023-04-04", "date_added": "2023-03-14", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows SmartScreen Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "904370f6-fe61-465d-8051-351d2bc576ea", "vulnerability": {"vulnId": "CVE-2022-41328", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-14T00:00:00+00:00"}, "gcve": {"object_uuid": "904370f6-fe61-465d-8051-351d2bc576ea", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiOS Path Traversal Vulnerability | Affected: Fortinet / FortiOS | Description: Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.fortiguard.com/psirt/FG-IR-22-369;  https://nvd.nist.gov/vuln/detail/CVE-2022-41328"}, "references": [{"id": "CVE-2022-41328", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41328"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiOS", "due_date": "2023-04-04", "date_added": "2023-03-14", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiOS Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "cc16449c-9d00-4401-b0af-4bfaf155e5cb", "vulnerability": {"vulnId": "CVE-2023-23397", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-14T00:00:00+00:00"}, "gcve": {"object_uuid": "cc16449c-9d00-4401-b0af-4bfaf155e5cb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Outlook Privilege Escalation Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office Outlook contains a privilege escalation vulnerability that allows for an NTLM Relay attack against another service to authenticate as the user. | Required action: Apply updates per vendor instructions. | Due date: 2023-04-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23397, https://msrc.microsoft.com/blog/2023/03/microsoft-mitigates-outlook-elevation-of-privilege-vulnerability/;  https://nvd.nist.gov/vuln/detail/CVE-2023-23397"}, "references": [{"id": "CVE-2023-23397", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-23397"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-294"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2023-04-04", "date_added": "2023-03-14", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Outlook Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ee560bf5-02e3-42fc-98df-db54163a8b91", "vulnerability": {"vulnId": "CVE-2021-39144", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-10T00:00:00+00:00"}, "gcve": {"object_uuid": "ee560bf5-02e3-42fc-98df-db54163a8b91", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-10T00:00:00Z"}, "scope": {"notes": "KEV entry: XStream Remote Code Execution Vulnerability | Affected: XStream / XStream | Description: XStream contains a remote code execution vulnerability that allows an attacker to manipulate the processed input stream and replace or inject objects that result in the execution of a local command on the server. This vulnerability can affect multiple products, including but not limited to VMware Cloud Foundation. | Required action: Apply updates per vendor instructions. | Due date: 2023-03-31 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.vmware.com/security/advisories/VMSA-2022-0027.html, https://x-stream.github.io/CVE-2021-39144.html; https://nvd.nist.gov/vuln/detail/CVE-2021-39144"}, "references": [{"id": "CVE-2021-39144", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-39144"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94", "CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "XStream", "due_date": "2023-03-31", "date_added": "2023-03-10", "vendorProject": "XStream", "vulnerabilityName": "XStream Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e8dd94f0-3909-40e8-8f73-19b891ff7375", "vulnerability": {"vulnId": "CVE-2020-5741", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-10T00:00:00+00:00"}, "gcve": {"object_uuid": "e8dd94f0-3909-40e8-8f73-19b891ff7375", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Plex Media Server Remote Code Execution Vulnerability | Affected: Plex / Media Server | Description: Plex Media Server contains a remote code execution vulnerability that allows an attacker with access to the server administrator's Plex account to upload a malicious file via the Camera Upload feature and have the media server execute it. | Required action: Apply updates per vendor instructions. | Due date: 2023-03-31 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://forums.plex.tv/t/security-regarding-cve-2020-5741/586819; https://nvd.nist.gov/vuln/detail/CVE-2020-5741"}, "references": [{"id": "CVE-2020-5741", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-5741"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Media Server", "due_date": "2023-03-31", "date_added": "2023-03-10", "vendorProject": "Plex", "vulnerabilityName": "Plex Media Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6216c5cf-6f5b-4086-8b14-7157d3d3b5d5", "vulnerability": {"vulnId": "CVE-2022-35914", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "6216c5cf-6f5b-4086-8b14-7157d3d3b5d5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Teclib GLPI Remote Code Execution Vulnerability | Affected: Teclib / GLPI | Description: Teclib GLPI contains a remote code execution vulnerability in the third-party library, htmlawed. | Required action: Apply updates per vendor instructions. | Due date: 2023-03-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://glpi-project.org/fr/glpi-10-0-3-disponible/, http://www.bioinformatics.org/phplabware/sourceer/sourceer.php?&Sfs=htmLawedTest.php&Sl=.%2Finternal_utilities%2FhtmLawed.;  https://nvd.nist.gov/vuln/detail/CVE-2022-35914"}, "references": [{"id": "CVE-2022-35914", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-35914"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-74"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "GLPI", "due_date": "2023-03-28", "date_added": "2023-03-07", "vendorProject": "Teclib", "vulnerabilityName": "Teclib GLPI Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "83ef7902-b06b-45e0-b55b-f371d9af1235", "vulnerability": {"vulnId": "CVE-2022-28810", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "83ef7902-b06b-45e0-b55b-f371d9af1235", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability | Affected: Zoho / ManageEngine | Description: Zoho ManageEngine ADSelfService Plus contains an unspecified vulnerability allowing for remote code execution when performing a password change or reset. | Required action: Apply updates per vendor instructions. | Due date: 2023-03-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.manageengine.com/products/self-service-password/advisory/CVE-2022-28810.html;  https://nvd.nist.gov/vuln/detail/CVE-2022-28810"}, "references": [{"id": "CVE-2022-28810", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-28810"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78", "CWE-259"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ManageEngine", "due_date": "2023-03-28", "date_added": "2023-03-07", "vendorProject": "Zoho", "vulnerabilityName": "Zoho ManageEngine ADSelfService Plus Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a7d834dd-efbf-4d2d-ac58-7b8b6df8de68", "vulnerability": {"vulnId": "CVE-2022-33891", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "a7d834dd-efbf-4d2d-ac58-7b8b6df8de68", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-03-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-03-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Spark Command Injection Vulnerability | Affected: Apache / Spark | Description: Apache Spark contains a command injection vulnerability via Spark User Interface (UI) when Access Control Lists (ACLs) are enabled. | Required action: Apply updates per vendor instructions. | Due date: 2023-03-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://lists.apache.org/thread/p847l3kopoo5bjtmxrcwk21xp6tjxqlc;  https://nvd.nist.gov/vuln/detail/CVE-2022-33891"}, "references": [{"id": "CVE-2022-33891", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-33891"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Spark", "due_date": "2023-03-28", "date_added": "2023-03-07", "vendorProject": "Apache", "vulnerabilityName": "Apache Spark Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5510a0ae-1519-4965-bf9f-60ccf00a8d0d", "vulnerability": {"vulnId": "CVE-2022-36537", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-27T00:00:00+00:00"}, "gcve": {"object_uuid": "5510a0ae-1519-4965-bf9f-60ccf00a8d0d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-27T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-02-27T00:00:00Z"}, "scope": {"notes": "KEV entry: ZK Framework AuUploader Unspecified Vulnerability | Affected: ZK Framework / AuUploader | Description: ZK Framework AuUploader servlets contain an unspecified vulnerability that could allow an attacker to retrieve the content of a file located in the web context. The ZK Framework is an open-source Java framework. This vulnerability can impact multiple products, including but not limited to ConnectWise R1Soft Server Backup Manager. | Required action: Apply updates per vendor instructions. | Due date: 2023-03-20 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://tracker.zkoss.org/browse/ZK-5150;  https://nvd.nist.gov/vuln/detail/CVE-2022-36537"}, "references": [{"id": "CVE-2022-36537", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-36537"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-441"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "AuUploader", "due_date": "2023-03-20", "date_added": "2023-02-27", "vendorProject": "ZK Framework", "vulnerabilityName": "ZK Framework AuUploader Unspecified Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "16335c49-7925-4848-a616-925c376648a4", "vulnerability": {"vulnId": "CVE-2022-47986", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-21T00:00:00+00:00"}, "gcve": {"object_uuid": "16335c49-7925-4848-a616-925c376648a4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-02-21T00:00:00Z"}, "scope": {"notes": "KEV entry: IBM Aspera Faspex Code Execution Vulnerability | Affected: IBM / Aspera Faspex | Description: IBM Aspera Faspex could allow a remote attacker to execute code on the system, caused by a YAML deserialization flaw. | Required action: Apply updates per vendor instructions. | Due date: 2023-03-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://exchange.xforce.ibmcloud.com/vulnerabilities/243512?_ga=2.189195179.1800390251.1676559338-700333034.1676325890;  https://nvd.nist.gov/vuln/detail/CVE-2022-47986"}, "references": [{"id": "CVE-2022-47986", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-47986"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Aspera Faspex", "due_date": "2023-03-14", "date_added": "2023-02-21", "vendorProject": "IBM", "vulnerabilityName": "IBM Aspera Faspex Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "3d5fdb6e-ccfe-41ce-b518-ee4b769c88e7", "vulnerability": {"vulnId": "CVE-2022-40765", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-21T00:00:00+00:00"}, "gcve": {"object_uuid": "3d5fdb6e-ccfe-41ce-b518-ee4b769c88e7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-02-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Mitel MiVoice Connect Command Injection Vulnerability | Affected: Mitel / MiVoice Connect | Description: The Mitel Edge Gateway component of MiVoice Connect allows an authenticated attacker with internal network access to execute commands within the context of the system. | Required action: Apply updates per vendor instructions. | Due date: 2023-03-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0007;  https://nvd.nist.gov/vuln/detail/CVE-2022-40765"}, "references": [{"id": "CVE-2022-40765", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-40765"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "MiVoice Connect", "due_date": "2023-03-14", "date_added": "2023-02-21", "vendorProject": "Mitel", "vulnerabilityName": "Mitel MiVoice Connect Command Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "3091d4e1-f08b-4bc6-9a3b-6ba2333289e0", "vulnerability": {"vulnId": "CVE-2022-41223", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-21T00:00:00+00:00"}, "gcve": {"object_uuid": "3091d4e1-f08b-4bc6-9a3b-6ba2333289e0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-02-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Mitel MiVoice Connect Code Injection Vulnerability | Affected: Mitel / MiVoice Connect | Description: The Director component in Mitel MiVoice Connect allows an authenticated attacker with internal network access to execute code within the context of the application. | Required action: Apply updates per vendor instructions. | Due date: 2023-03-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-22-0008;  https://nvd.nist.gov/vuln/detail/CVE-2022-41223"}, "references": [{"id": "CVE-2022-41223", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41223"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "MiVoice Connect", "due_date": "2023-03-14", "date_added": "2023-02-21", "vendorProject": "Mitel", "vulnerabilityName": "Mitel MiVoice Connect Code Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "4bafad59-2a95-43e7-8116-ef8a85665f8f", "vulnerability": {"vulnId": "CVE-2022-46169", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-16T00:00:00+00:00"}, "gcve": {"object_uuid": "4bafad59-2a95-43e7-8116-ef8a85665f8f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-02-16T00:00:00Z"}, "scope": {"notes": "KEV entry: Cacti Command Injection Vulnerability | Affected: Cacti / Cacti | Description: Cacti contains a command injection vulnerability that allows an unauthenticated user to execute code. | Required action: Apply updates per vendor instructions. | Due date: 2023-03-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf;  https://nvd.nist.gov/vuln/detail/CVE-2022-46169"}, "references": [{"id": "CVE-2022-46169", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-46169"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-74"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Cacti", "due_date": "2023-03-09", "date_added": "2023-02-16", "vendorProject": "Cacti", "vulnerabilityName": "Cacti Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6091271b-4d8f-4ba6-af2b-dfba9e3375d6", "vulnerability": {"vulnId": "CVE-2023-23376", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "6091271b-4d8f-4ba6-af2b-dfba9e3375d6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-02-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2023-03-07 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-23376;  https://nvd.nist.gov/vuln/detail/CVE-2023-23376"}, "references": [{"id": "CVE-2023-23376", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-23376"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2023-03-07", "date_added": "2023-02-14", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "e378aa50-0e09-4294-af8e-dd0531ca24eb", "vulnerability": {"vulnId": "CVE-2023-21823", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "e378aa50-0e09-4294-af8e-dd0531ca24eb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-02-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Graphic Component Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Graphic Component contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2023-03-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21823;  https://nvd.nist.gov/vuln/detail/CVE-2023-21823"}, "references": [{"id": "CVE-2023-21823", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-21823"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-190"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2023-03-07", "date_added": "2023-02-14", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Graphic Component Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "35301267-8e26-4cd8-bd68-5a22d3756101", "vulnerability": {"vulnId": "CVE-2023-21715", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "35301267-8e26-4cd8-bd68-5a22d3756101", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-02-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Publisher Security Feature Bypass Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system. | Required action: Apply updates per vendor instructions. | Due date: 2023-03-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21715;  https://nvd.nist.gov/vuln/detail/CVE-2023-21715"}, "references": [{"id": "CVE-2023-21715", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-21715"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-863"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2023-03-07", "date_added": "2023-02-14", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Publisher Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "23965a5a-d4fb-4c1e-a002-26231225d9e9", "vulnerability": {"vulnId": "CVE-2023-23529", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-14T00:00:00+00:00"}, "gcve": {"object_uuid": "23965a5a-d4fb-4c1e-a002-26231225d9e9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-02-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products WebKit Type Confusion Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, MacOS, Safari and iPadOS WebKit contain a type confusion vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2023-03-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213635, https://support.apple.com/en-us/HT213633, https://support.apple.com/en-us/HT213638;  https://nvd.nist.gov/vuln/detail/CVE-2023-23529"}, "references": [{"id": "CVE-2023-23529", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-23529"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2023-03-07", "date_added": "2023-02-14", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products WebKit Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "003c8cb9-5a7c-474f-9436-fc517d9079cd", "vulnerability": {"vulnId": "CVE-2022-24990", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "003c8cb9-5a7c-474f-9436-fc517d9079cd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: TerraMaster OS Remote Command Execution Vulnerability | Affected: TerraMaster / TerraMaster OS | Description: TerraMaster OS contains a remote command execution vulnerability that allows an unauthenticated user to execute commands on the target endpoint. | Required action: Apply updates per vendor instructions. | Due date: 2023-03-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://forum.terra-master.com/en/viewtopic.php?t=3030;  https://nvd.nist.gov/vuln/detail/CVE-2022-24990"}, "references": [{"id": "CVE-2022-24990", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-24990"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "TerraMaster OS", "due_date": "2023-03-03", "date_added": "2023-02-10", "vendorProject": "TerraMaster", "vulnerabilityName": "TerraMaster OS Remote Command Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "5c210fb4-b1ce-42f7-aa78-d211a3446079", "vulnerability": {"vulnId": "CVE-2023-0669", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "5c210fb4-b1ce-42f7-aa78-d211a3446079", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortra GoAnywhere MFT Remote Code Execution Vulnerability | Affected: Fortra / GoAnywhere MFT | Description: Fortra (formerly, HelpSystems) GoAnywhere MFT contains a pre-authentication remote code execution vulnerability in the License Response Servlet due to deserializing an attacker-controlled object. | Required action: Apply updates per vendor instructions. | Due date: 2023-03-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): This CVE has a CISA AA located here: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-158a. Please see the AA for associated IOCs. Additional information is available at: https://my.goanywhere.com/webclient/DownloadProductFiles.xhtml. Fortra users must have an account in order to login and access the patch.;  https://nvd.nist.gov/vuln/detail/CVE-2023-0669"}, "references": [{"id": "CVE-2023-0669", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-0669"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "GoAnywhere MFT", "due_date": "2023-03-03", "date_added": "2023-02-10", "vendorProject": "Fortra", "vulnerabilityName": "Fortra GoAnywhere MFT Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "5839dd42-e28e-4717-92ae-923b4a1c8f2a", "vulnerability": {"vulnId": "CVE-2015-2291", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "5839dd42-e28e-4717-92ae-923b4a1c8f2a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability | Affected: Intel / Ethernet Diagnostics Driver for Windows | Description: Intel ethernet diagnostics driver for Windows IQVW32.sys and IQVW64.sys contain an unspecified vulnerability that allows for a denial-of-service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2023-03-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00051.html; https://nvd.nist.gov/vuln/detail/CVE-2015-2291"}, "references": [{"id": "CVE-2015-2291", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-2291"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Ethernet Diagnostics Driver for Windows", "due_date": "2023-03-03", "date_added": "2023-02-10", "vendorProject": "Intel", "vulnerabilityName": "Intel Ethernet Diagnostics Driver for Windows Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "8abe3d2d-d67f-47af-a3e3-e5114203a94c", "vulnerability": {"vulnId": "CVE-2023-22952", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-02T00:00:00+00:00"}, "gcve": {"object_uuid": "8abe3d2d-d67f-47af-a3e3-e5114203a94c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-02-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Multiple SugarCRM Products Remote Code Execution Vulnerability | Affected: SugarCRM / Multiple Products | Description: Multiple SugarCRM products contain a remote code execution vulnerability in the EmailTemplates. Using a specially crafted request, custom PHP code can be injected through the EmailTemplates. | Required action: Apply updates per vendor instructions. | Due date: 2023-02-23 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.sugarcrm.com/Resources/Security/sugarcrm-sa-2023-001/;  https://nvd.nist.gov/vuln/detail/CVE-2023-22952"}, "references": [{"id": "CVE-2023-22952", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-22952"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2023-02-23", "date_added": "2023-02-02", "vendorProject": "SugarCRM", "vulnerabilityName": "Multiple SugarCRM Products Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "90c9fd4e-9cf4-48ce-bafb-17e5164424b7", "vulnerability": {"vulnId": "CVE-2022-21587", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-02-02T00:00:00+00:00"}, "gcve": {"object_uuid": "90c9fd4e-9cf4-48ce-bafb-17e5164424b7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-02-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-02-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle E-Business Suite Unspecified Vulnerability | Affected: Oracle / E-Business Suite | Description: Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. | Required action: Apply updates per vendor instructions. | Due date: 2023-02-23 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.oracle.com/security-alerts/cpuoct2022.html;  https://nvd.nist.gov/vuln/detail/CVE-2022-21587"}, "references": [{"id": "CVE-2022-21587", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-21587"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "E-Business Suite", "due_date": "2023-02-23", "date_added": "2023-02-02", "vendorProject": "Oracle", "vulnerabilityName": "Oracle E-Business Suite Unspecified Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "5c707e9d-fc90-4a10-87e0-3f351758f088", "vulnerability": {"vulnId": "CVE-2017-11357", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-01-26T00:00:00+00:00"}, "gcve": {"object_uuid": "5c707e9d-fc90-4a10-87e0-3f351758f088", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-01-26T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-01-26T00:00:00Z"}, "scope": {"notes": "KEV entry: Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability | Affected: Telerik / User Interface (UI) for ASP.NET AJAX | Description: Telerik UI for ASP.NET AJAX contains an insecure direct object reference vulnerability in RadAsyncUpload that can result in file uploads in a limited location and/or remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2023-02-16 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://docs.telerik.com/devtools/aspnet-ajax/knowledge-base/asyncupload-insecure-direct-object-reference; https://nvd.nist.gov/vuln/detail/CVE-2017-11357"}, "references": [{"id": "CVE-2017-11357", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-11357"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "User Interface (UI) for ASP.NET AJAX", "due_date": "2023-02-16", "date_added": "2023-01-26", "vendorProject": "Telerik", "vulnerabilityName": "Telerik UI for ASP.NET AJAX Insecure Direct Object Reference Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "bd542cf4-dd01-405e-8963-0cf61a55f22e", "vulnerability": {"vulnId": "CVE-2022-47966", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-01-23T00:00:00+00:00"}, "gcve": {"object_uuid": "bd542cf4-dd01-405e-8963-0cf61a55f22e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-01-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-01-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability | Affected: Zoho / ManageEngine | Description: Multiple Zoho ManageEngine products contain an unauthenticated remote code execution vulnerability due to the usage of an outdated third-party dependency, Apache Santuario. | Required action: Apply updates per vendor instructions. | Due date: 2023-02-13 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.manageengine.com/security/advisory/CVE/cve-2022-47966.html;  https://nvd.nist.gov/vuln/detail/CVE-2022-47966"}, "references": [{"id": "CVE-2022-47966", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-47966"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ManageEngine", "due_date": "2023-02-13", "date_added": "2023-01-23", "vendorProject": "Zoho", "vulnerabilityName": "Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "8419ae1b-d239-4b01-a77a-b24315ae92fb", "vulnerability": {"vulnId": "CVE-2022-44877", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-01-17T00:00:00+00:00"}, "gcve": {"object_uuid": "8419ae1b-d239-4b01-a77a-b24315ae92fb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-01-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-01-17T00:00:00Z"}, "scope": {"notes": "KEV entry: CWP Control Web Panel OS Command Injection Vulnerability | Affected: CWP / Control Web Panel | Description: CWP Control Web Panel (formerly CentOS Web Panel) contains an OS command injection vulnerability that allows remote attackers to execute commands via shell metacharacters in the login parameter. | Required action: Apply updates per vendor instructions. | Due date: 2023-02-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://control-webpanel.com/changelog#1669855527714-450fb335-6194;  https://nvd.nist.gov/vuln/detail/CVE-2022-44877"}, "references": [{"id": "CVE-2022-44877", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-44877"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Control Web Panel", "due_date": "2023-02-07", "date_added": "2023-01-17", "vendorProject": "CWP", "vulnerabilityName": "CWP Control Web Panel OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "85ae6f2a-a8de-4043-a25f-a4cb4f353380", "vulnerability": {"vulnId": "CVE-2023-21674", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "85ae6f2a-a8de-4043-a25f-a4cb4f353380", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Advanced Local Procedure Call (ALPC) contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2023-01-31 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21674;  https://nvd.nist.gov/vuln/detail/CVE-2023-21674"}, "references": [{"id": "CVE-2023-21674", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-21674"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2023-01-31", "date_added": "2023-01-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Advanced Local Procedure Call (ALPC) Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "cbf6e29d-12c3-4248-a032-2e9274509e34", "vulnerability": {"vulnId": "CVE-2022-41080", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2023-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "cbf6e29d-12c3-4248-a032-2e9274509e34", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2023-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2023-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Exchange Server Privilege Escalation Vulnerability | Affected: Microsoft / Exchange Server | Description: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. This vulnerability is chainable with CVE-2022-41082, which allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2023-01-31 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41080;  https://nvd.nist.gov/vuln/detail/CVE-2022-41080"}, "references": [{"id": "CVE-2022-41080", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41080"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exchange Server", "due_date": "2023-01-31", "date_added": "2023-01-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Exchange Server Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "783df899-782a-4cf4-8fe0-b82fd24049dc", "vulnerability": {"vulnId": "CVE-2018-18809", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-29T00:00:00+00:00"}, "gcve": {"object_uuid": "783df899-782a-4cf4-8fe0-b82fd24049dc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-12-29T00:00:00Z"}, "scope": {"notes": "KEV entry: TIBCO JasperReports Library Directory Traversal Vulnerability | Affected: TIBCO / JasperReports | Description: TIBCO JasperReports Library contains a directory-traversal vulnerability that may allow web server users to access contents of the host system. | Required action: Apply updates per vendor instructions. | Due date: 2023-01-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.tibco.com/support/advisories/2019/03/tibco-security-advisory-march-6-2019-tibco-jasperreports-library-2018-18809; https://nvd.nist.gov/vuln/detail/CVE-2018-18809"}, "references": [{"id": "CVE-2018-18809", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-18809"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "JasperReports", "due_date": "2023-01-19", "date_added": "2022-12-29", "vendorProject": "TIBCO", "vulnerabilityName": "TIBCO JasperReports Library Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9a57ab8a-a830-4ef2-a913-6ace9ce32199", "vulnerability": {"vulnId": "CVE-2018-5430", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-29T00:00:00+00:00"}, "gcve": {"object_uuid": "9a57ab8a-a830-4ef2-a913-6ace9ce32199", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-12-29T00:00:00Z"}, "scope": {"notes": "KEV entry: TIBCO JasperReports Server Information Disclosure Vulnerability | Affected: TIBCO / JasperReports | Description: TIBCO JasperReports Server contain a vulnerability which may allow any authenticated user read-only access to the contents of the web application, including key configuration files. | Required action: Apply updates per vendor instructions. | Due date: 2023-01-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.tibco.com/support/advisories/2018/04/tibco-security-advisory-april-17-2018-tibco-jasperreports-2018-5430;https://nvd.nist.gov/vuln/detail/CVE-2018-5430"}, "references": [{"id": "CVE-2018-5430", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-5430"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "JasperReports", "due_date": "2023-01-19", "date_added": "2022-12-29", "vendorProject": "TIBCO", "vulnerabilityName": "TIBCO JasperReports Server Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3ed8e8f8-ad45-47aa-ada0-f3e89433f56e", "vulnerability": {"vulnId": "CVE-2022-42856", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-14T00:00:00+00:00"}, "gcve": {"object_uuid": "3ed8e8f8-ad45-47aa-ada0-f3e89433f56e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-12-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS Type Confusion Vulnerability | Affected: Apple / iOS | Description: Apple iOS contains a type confusion vulnerability when processing maliciously crafted web content leading to code execution. | Required action: Apply updates per vendor instructions. | Due date: 2023-01-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213516;  https://nvd.nist.gov/vuln/detail/CVE-2022-42856"}, "references": [{"id": "CVE-2022-42856", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-42856"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS", "due_date": "2023-01-04", "date_added": "2022-12-14", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f4836a01-be2a-4f33-b470-c7c67ddde200", "vulnerability": {"vulnId": "CVE-2022-26501", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-13T00:00:00+00:00"}, "gcve": {"object_uuid": "f4836a01-be2a-4f33-b470-c7c67ddde200", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-12-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Veeam Backup & Replication Remote Code Execution Vulnerability | Affected: Veeam / Backup & Replication | Description: The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code. | Required action: Apply updates per vendor instructions. | Due date: 2023-01-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.veeam.com/kb4288;  https://nvd.nist.gov/vuln/detail/CVE-2022-26501"}, "references": [{"id": "CVE-2022-26501", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-26501"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Backup & Replication", "due_date": "2023-01-03", "date_added": "2022-12-13", "vendorProject": "Veeam", "vulnerabilityName": "Veeam Backup & Replication Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "b44a2414-c106-4db3-b40a-2f1a14ae9eb4", "vulnerability": {"vulnId": "CVE-2022-27518", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-13T00:00:00+00:00"}, "gcve": {"object_uuid": "b44a2414-c106-4db3-b40a-2f1a14ae9eb4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-12-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability | Affected: Citrix / Application Delivery Controller (ADC) and Gateway | Description: Citrix Application Delivery Controller (ADC) and Gateway, when configured with SAML SP or IdP configuration, contain an authentication bypass vulnerability that allows an attacker to execute code as administrator. | Required action: Apply updates per vendor instructions. | Due date: 2023-01-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/;  https://nvd.nist.gov/vuln/detail/CVE-2022-27518"}, "references": [{"id": "CVE-2022-27518", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-27518"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-664"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Application Delivery Controller (ADC) and Gateway", "due_date": "2023-01-03", "date_added": "2022-12-13", "vendorProject": "Citrix", "vulnerabilityName": "Citrix Application Delivery Controller (ADC) and Gateway Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d7ca40e9-17a7-4797-ba9e-07cb611cc928", "vulnerability": {"vulnId": "CVE-2022-44698", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-13T00:00:00+00:00"}, "gcve": {"object_uuid": "d7ca40e9-17a7-4797-ba9e-07cb611cc928", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-12-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Defender SmartScreen Security Feature Bypass Vulnerability | Affected: Microsoft / Defender | Description: Microsoft Defender SmartScreen contains a security feature bypass vulnerability that could allow an attacker to evade Mark of the Web (MOTW) defenses via a specially crafted malicious file. | Required action: Apply updates per vendor instructions. | Due date: 2023-01-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44698;  https://nvd.nist.gov/vuln/detail/CVE-2022-44698"}, "references": [{"id": "CVE-2022-44698", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-44698"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-755"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Defender", "due_date": "2023-01-03", "date_added": "2022-12-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Defender SmartScreen Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "d6bacbf8-707f-4ef7-84c3-17c25fc76591", "vulnerability": {"vulnId": "CVE-2022-42475", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-13T00:00:00+00:00"}, "gcve": {"object_uuid": "d6bacbf8-707f-4ef7-84c3-17c25fc76591", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-12-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability | Affected: Fortinet / FortiOS | Description: Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests. | Required action: Apply updates per vendor instructions. | Due date: 2023-01-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.fortiguard.com/psirt/FG-IR-22-398;  https://nvd.nist.gov/vuln/detail/CVE-2022-42475"}, "references": [{"id": "CVE-2022-42475", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-42475"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-197"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiOS", "due_date": "2023-01-03", "date_added": "2022-12-13", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "168346d7-ffb8-4733-91d2-a7fc51bc4446", "vulnerability": {"vulnId": "CVE-2022-26500", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-13T00:00:00+00:00"}, "gcve": {"object_uuid": "168346d7-ffb8-4733-91d2-a7fc51bc4446", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-12-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Veeam Backup & Replication Remote Code Execution Vulnerability | Affected: Veeam / Backup & Replication | Description: The Veeam Distribution Service in the Backup & Replication application allows unauthenticated users to access internal API functions. A remote attacker can send input to the internal API which may lead to uploading and executing of malicious code. | Required action: Apply updates per vendor instructions. | Due date: 2023-01-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.veeam.com/kb4288;  https://nvd.nist.gov/vuln/detail/CVE-2022-26500"}, "references": [{"id": "CVE-2022-26500", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-26500"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Backup & Replication", "due_date": "2023-01-03", "date_added": "2022-12-13", "vendorProject": "Veeam", "vulnerabilityName": "Veeam Backup & Replication Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "7549f59d-5a9b-4090-9e30-f60a19542350", "vulnerability": {"vulnId": "CVE-2022-4262", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-12-05T00:00:00+00:00"}, "gcve": {"object_uuid": "7549f59d-5a9b-4090-9e30-f60a19542350", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-12-05T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-12-05T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-12-26 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2022/12/stable-channel-update-for-desktop.html;  https://nvd.nist.gov/vuln/detail/CVE-2022-4262"}, "references": [{"id": "CVE-2022-4262", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-4262"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122", "CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2022-12-26", "date_added": "2022-12-05", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "72cf0da0-d4a5-4ae7-9f2e-e892ae78f1a6", "vulnerability": {"vulnId": "CVE-2021-35587", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-28T00:00:00+00:00"}, "gcve": {"object_uuid": "72cf0da0-d4a5-4ae7-9f2e-e892ae78f1a6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-11-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Fusion Middleware Unspecified Vulnerability | Affected: Oracle / Fusion Middleware | Description: Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product. | Required action: Apply updates per vendor instructions. | Due date: 2022-12-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.oracle.com/security-alerts/cpujan2022.html; https://nvd.nist.gov/vuln/detail/CVE-2021-35587"}, "references": [{"id": "CVE-2021-35587", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-35587"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502", "CWE-790"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Fusion Middleware", "due_date": "2022-12-19", "date_added": "2022-11-28", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Fusion Middleware Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f6885da7-ea3b-47bd-b97d-3cd180e21c83", "vulnerability": {"vulnId": "CVE-2022-4135", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-28T00:00:00+00:00"}, "gcve": {"object_uuid": "f6885da7-ea3b-47bd-b97d-3cd180e21c83", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-11-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium GPU Heap Buffer Overflow Vulnerability | Affected: Google / Chromium GPU | Description: Google Chromium GPU contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-12-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html;  https://nvd.nist.gov/vuln/detail/CVE-2022-4135"}, "references": [{"id": "CVE-2022-4135", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-4135"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium GPU", "due_date": "2022-12-19", "date_added": "2022-11-28", "vendorProject": "Google", "vulnerabilityName": "Google Chromium GPU Heap Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7e1db19f-8731-4f0a-861b-50025c198f42", "vulnerability": {"vulnId": "CVE-2022-41049", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-14T00:00:00+00:00"}, "gcve": {"object_uuid": "7e1db19f-8731-4f0a-861b-50025c198f42", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-11-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. | Required action: Apply updates per vendor instructions. | Due date: 2022-12-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41049;  https://nvd.nist.gov/vuln/detail/CVE-2022-41049"}, "references": [{"id": "CVE-2022-41049", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41049"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-274"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-12-09", "date_added": "2022-11-14", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a52c596a-96bf-4c6f-a351-70cb65b7f87d", "vulnerability": {"vulnId": "CVE-2021-25370", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "a52c596a-96bf-4c6f-a351-70cb65b7f87d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-11-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Samsung Mobile Devices Memory Corruption Vulnerability | Affected: Samsung / Mobile Devices | Description: Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369. | Required action: Apply updates per vendor instructions. | Due date: 2022-11-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.samsungmobile.com/securityUpdate.smsb; https://nvd.nist.gov/vuln/detail/CVE-2021-25370"}, "references": [{"id": "CVE-2021-25370", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-25370"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mobile Devices", "due_date": "2022-11-29", "date_added": "2022-11-08", "vendorProject": "Samsung", "vulnerabilityName": "Samsung Mobile Devices Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4f572b13-c95a-4b08-8041-66fb133f55cb", "vulnerability": {"vulnId": "CVE-2021-25337", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "4f572b13-c95a-4b08-8041-66fb133f55cb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-11-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Samsung Mobile Devices Improper Access Control Vulnerability | Affected: Samsung / Mobile Devices | Description: Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370. | Required action: Apply updates per vendor instructions. | Due date: 2022-11-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.samsungmobile.com/securityUpdate.smsb; https://nvd.nist.gov/vuln/detail/CVE-2021-25337"}, "references": [{"id": "CVE-2021-25337", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-25337"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mobile Devices", "due_date": "2022-11-29", "date_added": "2022-11-08", "vendorProject": "Samsung", "vulnerabilityName": "Samsung Mobile Devices Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f0f516a5-d957-4669-bc6d-c347224e6358", "vulnerability": {"vulnId": "CVE-2022-41091", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "f0f516a5-d957-4669-bc6d-c347224e6358", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-11-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Mark of the Web (MOTW) contains a security feature bypass vulnerability resulting in a limited loss of integrity and availability of security features. | Required action: Apply updates per vendor instructions. | Due date: 2022-12-09 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41091;  https://nvd.nist.gov/vuln/detail/CVE-2022-41091"}, "references": [{"id": "CVE-2022-41091", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41091"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-863"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-12-09", "date_added": "2022-11-08", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Mark of the Web (MOTW) Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "f6155ae3-27af-4aa4-a6c0-e8b50f5d61c1", "vulnerability": {"vulnId": "CVE-2022-41125", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "f6155ae3-27af-4aa4-a6c0-e8b50f5d61c1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-11-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Cryptographic Next Generation (CNG) Key Isolation Service contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-12-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41125;  https://nvd.nist.gov/vuln/detail/CVE-2022-41125"}, "references": [{"id": "CVE-2022-41125", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41125"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-12-09", "date_added": "2022-11-08", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows CNG Key Isolation Service Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fbc4acd4-0a2c-447c-b285-885990c7c9d0", "vulnerability": {"vulnId": "CVE-2021-25369", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "fbc4acd4-0a2c-447c-b285-885990c7c9d0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-11-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Samsung Mobile Devices Improper Access Control Vulnerability | Affected: Samsung / Mobile Devices | Description: Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370. | Required action: Apply updates per vendor instructions. | Due date: 2022-11-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.samsungmobile.com/securityUpdate.smsb; https://nvd.nist.gov/vuln/detail/CVE-2021-25369"}, "references": [{"id": "CVE-2021-25369", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-25369"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mobile Devices", "due_date": "2022-11-29", "date_added": "2022-11-08", "vendorProject": "Samsung", "vulnerabilityName": "Samsung Mobile Devices Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c23ab43a-aab6-4fb8-b8dd-0d473720c7ad", "vulnerability": {"vulnId": "CVE-2022-41128", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "c23ab43a-aab6-4fb8-b8dd-0d473720c7ad", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-11-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Scripting Languages Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows contains an unspecified vulnerability in the JScript9 scripting language which allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-12-09 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41128;  https://nvd.nist.gov/vuln/detail/CVE-2022-41128"}, "references": [{"id": "CVE-2022-41128", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41128"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-12-09", "date_added": "2022-11-08", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Scripting Languages Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2b7c56f8-d0e6-40cc-86b5-25b84373d912", "vulnerability": {"vulnId": "CVE-2022-41073", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-11-08T00:00:00+00:00"}, "gcve": {"object_uuid": "2b7c56f8-d0e6-40cc-86b5-25b84373d912", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-11-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-11-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Print Spooler Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Print Spooler contains an unspecified vulnerability that allows an attacker to gain SYSTEM-level privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-12-09 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-41073;  https://nvd.nist.gov/vuln/detail/CVE-2022-41073"}, "references": [{"id": "CVE-2022-41073", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41073"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-12-09", "date_added": "2022-11-08", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Print Spooler Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "86431e06-a2d6-4a69-90ab-8deef097521c", "vulnerability": {"vulnId": "CVE-2022-3723", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-28T00:00:00+00:00"}, "gcve": {"object_uuid": "86431e06-a2d6-4a69-90ab-8deef097521c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-10-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-11-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html;  https://nvd.nist.gov/vuln/detail/CVE-2022-3723"}, "references": [{"id": "CVE-2022-3723", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-3723"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122", "CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2022-11-18", "date_added": "2022-10-28", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "31139190-9002-4aef-a077-337db2ee3647", "vulnerability": {"vulnId": "CVE-2022-42827", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-25T00:00:00+00:00"}, "gcve": {"object_uuid": "31139190-9002-4aef-a077-337db2ee3647", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-10-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS and iPadOS Out-of-Bounds Write Vulnerability | Affected: Apple / iOS and iPadOS | Description: Apple iOS and iPadOS kernel contain an out-of-bounds write vulnerability which can allow an application to perform code execution with kernel privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-11-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213489;  https://nvd.nist.gov/vuln/detail/CVE-2022-42827"}, "references": [{"id": "CVE-2022-42827", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-42827"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS and iPadOS", "due_date": "2022-11-15", "date_added": "2022-10-25", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS and iPadOS Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "73d37028-c48d-4a6d-be66-cefd99f67f0e", "vulnerability": {"vulnId": "CVE-2018-19323", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "73d37028-c48d-4a6d-be66-cefd99f67f0e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-10-24T00:00:00Z"}, "scope": {"notes": "KEV entry: GIGABYTE Multiple Products Privilege Escalation Vulnerability | Affected: GIGABYTE / Multiple Products | Description: The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-11-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19323"}, "references": [{"id": "CVE-2018-19323", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-19323"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-11-14", "date_added": "2022-10-24", "vendorProject": "GIGABYTE", "vulnerabilityName": "GIGABYTE Multiple Products Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "1854af40-c77b-44fe-9425-69a7a96eac79", "vulnerability": {"vulnId": "CVE-2018-19322", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "1854af40-c77b-44fe-9425-69a7a96eac79", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-10-24T00:00:00Z"}, "scope": {"notes": "KEV entry: GIGABYTE Multiple Products Code Execution Vulnerability | Affected: GIGABYTE / Multiple Products | Description: The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read/write data from/to IO ports. This could be leveraged in a number of ways to ultimately run code with elevated privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-11-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19322"}, "references": [{"id": "CVE-2018-19322", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-19322"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-749"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-11-14", "date_added": "2022-10-24", "vendorProject": "GIGABYTE", "vulnerabilityName": "GIGABYTE Multiple Products Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "dcdca9ad-bae2-431e-b518-7b4af03d792a", "vulnerability": {"vulnId": "CVE-2020-3433", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "dcdca9ad-bae2-431e-b518-7b4af03d792a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-10-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability | Affected: Cisco / AnyConnect Secure | Description: Cisco AnyConnect Secure Mobility Client for Windows interprocess communication (IPC) channel allows for insufficient validation of resources that are loaded by the application at run time. An attacker with valid credentials on Windows could execute code on the affected machine with SYSTEM privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-11-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW; https://nvd.nist.gov/vuln/detail/CVE-2020-3433"}, "references": [{"id": "CVE-2020-3433", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3433"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-427"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "AnyConnect Secure", "due_date": "2022-11-14", "date_added": "2022-10-24", "vendorProject": "Cisco", "vulnerabilityName": "Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "a64d3a74-8cdb-40e7-84c6-71fde06420fb", "vulnerability": {"vulnId": "CVE-2020-3153", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "a64d3a74-8cdb-40e7-84c6-71fde06420fb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-10-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability | Affected: Cisco / AnyConnect Secure | Description: Cisco AnyConnect Secure Mobility Client for Windows allows for incorrect handling of directory paths. An attacker with valid credentials on Windows would be able to copy malicious files to arbitrary locations with system level privileges. This could include DLL pre-loading, DLL hijacking, and other related attacks. | Required action: Apply updates per vendor instructions. | Due date: 2022-11-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj; https://nvd.nist.gov/vuln/detail/CVE-2020-3153"}, "references": [{"id": "CVE-2020-3153", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3153"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-427"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "AnyConnect Secure", "due_date": "2022-11-14", "date_added": "2022-10-24", "vendorProject": "Cisco", "vulnerabilityName": "Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "b775a153-f4c6-4585-b6fc-de88aaa1fbaf", "vulnerability": {"vulnId": "CVE-2018-19321", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "b775a153-f4c6-4585-b6fc-de88aaa1fbaf", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-10-24T00:00:00Z"}, "scope": {"notes": "KEV entry: GIGABYTE Multiple Products Privilege Escalation Vulnerability | Affected: GIGABYTE / Multiple Products | Description: The GPCIDrv and GDrv low-level drivers in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II expose functionality to read and write arbitrary physical memory. This could be leveraged by a local attacker to elevate privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-11-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19321"}, "references": [{"id": "CVE-2018-19321", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-19321"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-11-14", "date_added": "2022-10-24", "vendorProject": "GIGABYTE", "vulnerabilityName": "GIGABYTE Multiple Products Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "0089d730-00bc-4874-afa3-7c50456fc4a0", "vulnerability": {"vulnId": "CVE-2018-19320", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-24T00:00:00+00:00"}, "gcve": {"object_uuid": "0089d730-00bc-4874-afa3-7c50456fc4a0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-10-24T00:00:00Z"}, "scope": {"notes": "KEV entry: GIGABYTE Multiple Products Unspecified Vulnerability | Affected: GIGABYTE / Multiple Products | Description: The GDrv low-level driver in GIGABYTE App Center, AORUS Graphics Engine, XTREME Gaming Engine, and OC GURU II exposes ring0 memcpy-like functionality that could allow a local attacker to take complete control of the affected system. | Required action: Apply updates per vendor instructions. | Due date: 2022-11-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.gigabyte.com/Support/Security/1801; https://nvd.nist.gov/vuln/detail/CVE-2018-19320"}, "references": [{"id": "CVE-2018-19320", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-19320"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-11-14", "date_added": "2022-10-24", "vendorProject": "GIGABYTE", "vulnerabilityName": "GIGABYTE Multiple Products Unspecified Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "a6b64ac7-b0d9-4181-a036-90a1f48b4fe1", "vulnerability": {"vulnId": "CVE-2022-41352", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-20T00:00:00+00:00"}, "gcve": {"object_uuid": "a6b64ac7-b0d9-4181-a036-90a1f48b4fe1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-20T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-10-20T00:00:00Z"}, "scope": {"notes": "KEV entry: Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability | Affected: Synacor / Zimbra Collaboration Suite (ZCS) | Description: Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to upload arbitrary files using cpio package to gain incorrect access to any other user accounts. | Required action: Apply updates per vendor instructions. | Due date: 2022-11-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://wiki.zimbra.com/wiki/Security_Center;  https://nvd.nist.gov/vuln/detail/CVE-2022-41352"}, "references": [{"id": "CVE-2022-41352", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41352"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Zimbra Collaboration Suite (ZCS)", "due_date": "2022-11-10", "date_added": "2022-10-20", "vendorProject": "Synacor", "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0dbe2ac7-4a47-4df9-be3a-2ac23a7b4c82", "vulnerability": {"vulnId": "CVE-2021-3493", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-20T00:00:00+00:00"}, "gcve": {"object_uuid": "0dbe2ac7-4a47-4df9-be3a-2ac23a7b4c82", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-20T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-10-20T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Privilege Escalation Vulnerability | Affected: Linux / Kernel | Description: The overlayfs stacking file system in Linux kernel does not properly validate the application of file capabilities against user namespaces, which could lead to privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-11-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7c03e2cda4a584cadc398e8f6641ca9988a39d52; https://nvd.nist.gov/vuln/detail/CVE-2021-3493"}, "references": [{"id": "CVE-2021-3493", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-3493"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-862"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2022-11-10", "date_added": "2022-10-20", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4dc21759-e6ef-4896-8381-222e6001fe28", "vulnerability": {"vulnId": "CVE-2022-41033", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-11T00:00:00+00:00"}, "gcve": {"object_uuid": "4dc21759-e6ef-4896-8381-222e6001fe28", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-10-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability | Affected: Microsoft / Windows COM+ Event System Service | Description: Microsoft Windows COM+ Event System Service contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-11-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-41033;  https://nvd.nist.gov/vuln/detail/CVE-2022-41033"}, "references": [{"id": "CVE-2022-41033", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41033"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows COM+ Event System Service", "due_date": "2022-11-01", "date_added": "2022-10-11", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows COM+ Event System Service Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7d5078d2-9fc2-443b-952b-331db33a6a5e", "vulnerability": {"vulnId": "CVE-2022-40684", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-10-11T00:00:00+00:00"}, "gcve": {"object_uuid": "7d5078d2-9fc2-443b-952b-331db33a6a5e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-10-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-10-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet Multiple Products Authentication Bypass Vulnerability | Affected: Fortinet / Multiple Products | Description: Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests. | Required action: Apply updates per vendor instructions. | Due date: 2022-11-01 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.fortiguard.com/psirt/FG-IR-22-377;  https://nvd.nist.gov/vuln/detail/CVE-2022-40684"}, "references": [{"id": "CVE-2022-40684", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-40684"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-11-01", "date_added": "2022-10-11", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet Multiple Products Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "3e4cca64-435e-4259-af5f-56a6ca633dd1", "vulnerability": {"vulnId": "CVE-2022-36804", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-30T00:00:00+00:00"}, "gcve": {"object_uuid": "3e4cca64-435e-4259-af5f-56a6ca633dd1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Atlassian Bitbucket Server and Data Center Command Injection Vulnerability | Affected: Atlassian / Bitbucket Server and Data Center | Description: Multiple API endpoints of Atlassian Bitbucket Server and Data Center contain a command injection vulnerability where an attacker with access to a public Bitbucket repository, or with read permissions to a private one, can execute code by sending a malicious HTTP request. | Required action: Apply updates per vendor instructions. | Due date: 2022-10-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://jira.atlassian.com/browse/BSERV-13438;  https://nvd.nist.gov/vuln/detail/CVE-2022-36804"}, "references": [{"id": "CVE-2022-36804", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-36804"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78", "CWE-88", "CWE-158"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Bitbucket Server and Data Center", "due_date": "2022-10-21", "date_added": "2022-09-30", "vendorProject": "Atlassian", "vulnerabilityName": "Atlassian Bitbucket Server and Data Center Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "45c3f80e-cb80-4494-bfa1-5b6c7c18a705", "vulnerability": {"vulnId": "CVE-2022-41082", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-30T00:00:00+00:00"}, "gcve": {"object_uuid": "45c3f80e-cb80-4494-bfa1-5b6c7c18a705", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Exchange Server | Description: Microsoft Exchange Server contains an unspecified vulnerability that allows for authenticated remote code execution. Dubbed \"ProxyNotShell,\" this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-10-21 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/;  https://nvd.nist.gov/vuln/detail/CVE-2022-41082"}, "references": [{"id": "CVE-2022-41082", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41082"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exchange Server", "due_date": "2022-10-21", "date_added": "2022-09-30", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Exchange Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "51242530-97c6-45a1-8bf8-51ba025e0039", "vulnerability": {"vulnId": "CVE-2022-41040", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-30T00:00:00+00:00"}, "gcve": {"object_uuid": "51242530-97c6-45a1-8bf8-51ba025e0039", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-30T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-30T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Exchange Server Server-Side Request Forgery Vulnerability | Affected: Microsoft / Exchange Server | Description: Microsoft Exchange Server allows for server-side request forgery. Dubbed \"ProxyNotShell,\" this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-10-21 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/;  https://nvd.nist.gov/vuln/detail/CVE-2022-41040"}, "references": [{"id": "CVE-2022-41040", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-41040"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exchange Server", "due_date": "2022-10-21", "date_added": "2022-09-30", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Exchange Server Server-Side Request Forgery Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "ac1aea83-1a83-45f7-aade-1adc8f4588fd", "vulnerability": {"vulnId": "CVE-2022-3236", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-23T00:00:00+00:00"}, "gcve": {"object_uuid": "ac1aea83-1a83-45f7-aade-1adc8f4588fd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Sophos Firewall Code Injection Vulnerability | Affected: Sophos / Firewall | Description: A code injection vulnerability in the User Portal and Webadmin of Sophos Firewall allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-10-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce;  https://nvd.nist.gov/vuln/detail/CVE-2022-3236"}, "references": [{"id": "CVE-2022-3236", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-3236"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firewall", "due_date": "2022-10-14", "date_added": "2022-09-23", "vendorProject": "Sophos", "vulnerabilityName": "Sophos Firewall Code Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ddf39d29-06c6-4be7-8d79-01d502591086", "vulnerability": {"vulnId": "CVE-2022-35405", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-22T00:00:00+00:00"}, "gcve": {"object_uuid": "ddf39d29-06c6-4be7-8d79-01d502591086", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability | Affected: Zoho / ManageEngine | Description: Zoho ManageEngine PAM360, Password Manager Pro, and Access Manager Plus contain an unspecified vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-10-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.manageengine.com/products/passwordmanagerpro/advisory/cve-2022-35405.html;  https://nvd.nist.gov/vuln/detail/CVE-2022-35405"}, "references": [{"id": "CVE-2022-35405", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-35405"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ManageEngine", "due_date": "2022-10-13", "date_added": "2022-09-22", "vendorProject": "Zoho", "vulnerabilityName": "Zoho ManageEngine Multiple Products Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c9a0142f-9813-487f-a09e-905f6470d3fb", "vulnerability": {"vulnId": "CVE-2010-2568", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-15T00:00:00+00:00"}, "gcve": {"object_uuid": "c9a0142f-9813-487f-a09e-905f6470d3fb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user. | Required action: Apply updates per vendor instructions. | Due date: 2022-10-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046; https://nvd.nist.gov/vuln/detail/CVE-2010-2568"}, "references": [{"id": "CVE-2010-2568", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-2568"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-10-06", "date_added": "2022-09-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b764081d-d77b-402a-bb63-79e566dfe20c", "vulnerability": {"vulnId": "CVE-2022-40139", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-15T00:00:00+00:00"}, "gcve": {"object_uuid": "b764081d-d77b-402a-bb63-79e566dfe20c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability | Affected: Trend Micro / Apex One and Apex One as a Service | Description: Trend Micro Apex One and Apex One as a Service contain an improper validation of rollback mechanism components that could lead to remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-10-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://success.trendmicro.com/dcx/s/solution/000291528?language=en_US;  https://nvd.nist.gov/vuln/detail/CVE-2022-40139"}, "references": [{"id": "CVE-2022-40139", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-40139"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-353", "CWE-641"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Apex One and Apex One as a Service", "due_date": "2022-10-06", "date_added": "2022-09-15", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro Apex One and Apex One as a Service Improper Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "08de6eb7-479a-4f88-aa0e-8f3783cbf57a", "vulnerability": {"vulnId": "CVE-2013-2094", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-15T00:00:00+00:00"}, "gcve": {"object_uuid": "08de6eb7-479a-4f88-aa0e-8f3783cbf57a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Privilege Escalation Vulnerability | Affected: Linux / Kernel | Description: Linux kernel fails to check all 64 bits of attr.config passed by user space, resulting in out-of-bounds access of the perf_swevent_enabled array in sw_perf_event_destroy(). Exploitation allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-10-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8176cced706b5e5d15887584150764894e94e02f; https://nvd.nist.gov/vuln/detail/CVE-2013-2094"}, "references": [{"id": "CVE-2013-2094", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-2094"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-189"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2022-10-06", "date_added": "2022-09-15", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8e30ca9c-0466-4bd6-97c1-35fd2206f495", "vulnerability": {"vulnId": "CVE-2013-2597", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-15T00:00:00+00:00"}, "gcve": {"object_uuid": "8e30ca9c-0466-4bd6-97c1-35fd2206f495", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Code Aurora ACDB Audio Driver Stack-based Buffer Overflow Vulnerability | Affected: Code Aurora / ACDB Audio Driver | Description: The Code Aurora audio calibration database (acdb) audio driver contains a stack-based buffer overflow vulnerability that allows for privilege escalation. Code Aurora is used in third-party products such as Qualcomm and Android. | Required action: Apply updates per vendor instructions. | Due date: 2022-10-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://web.archive.org/web/20161226013354/https:/www.codeaurora.org/news/security-advisories/stack-based-buffer-overflow-acdb-audio-driver-cve-2013-2597; https://nvd.nist.gov/vuln/detail/CVE-2013-2597"}, "references": [{"id": "CVE-2013-2597", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-2597"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ACDB Audio Driver", "due_date": "2022-10-06", "date_added": "2022-09-15", "vendorProject": "Code Aurora", "vulnerabilityName": "Code Aurora ACDB Audio Driver Stack-based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "94feeaf9-9996-4926-8b4f-a81bc175069e", "vulnerability": {"vulnId": "CVE-2013-6282", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-15T00:00:00+00:00"}, "gcve": {"object_uuid": "94feeaf9-9996-4926-8b4f-a81bc175069e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Improper Input Validation Vulnerability | Affected: Linux / Kernel | Description: The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This allows an application to read and write kernel memory which could lead to privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-10-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8404663f81d212918ff85f493649a7991209fa04; https://nvd.nist.gov/vuln/detail/CVE-2013-6282"}, "references": [{"id": "CVE-2013-6282", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-6282"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2022-10-06", "date_added": "2022-09-15", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "42c4ecad-654d-4687-811c-3447ecf733e0", "vulnerability": {"vulnId": "CVE-2013-2596", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-15T00:00:00+00:00"}, "gcve": {"object_uuid": "42c4ecad-654d-4687-811c-3447ecf733e0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Integer Overflow Vulnerability | Affected: Linux / Kernel | Description: Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-10-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fc9bbca8f650e5f738af8806317c0a041a48ae4a; https://nvd.nist.gov/vuln/detail/CVE-2013-2596"}, "references": [{"id": "CVE-2013-2596", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-2596"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-189"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2022-10-06", "date_added": "2022-09-15", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Integer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "eae2f83b-1dc1-4eab-9d4a-37239ae06455", "vulnerability": {"vulnId": "CVE-2022-32917", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-14T00:00:00+00:00"}, "gcve": {"object_uuid": "eae2f83b-1dc1-4eab-9d4a-37239ae06455", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability | Affected: Apple / iOS, iPadOS, and macOS | Description: Apple kernel, which is included in iOS, iPadOS, and macOS, contains an unspecified vulnerability where an application may be able to execute code with kernel privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-10-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT213445, https://support.apple.com/en-us/HT213444;  https://nvd.nist.gov/vuln/detail/CVE-2022-32917"}, "references": [{"id": "CVE-2022-32917", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-32917"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS, iPadOS, and macOS", "due_date": "2022-10-05", "date_added": "2022-09-14", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e3f5458f-f0c6-421d-b3ac-b46caa31d380", "vulnerability": {"vulnId": "CVE-2022-37969", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-14T00:00:00+00:00"}, "gcve": {"object_uuid": "e3f5458f-f0c6-421d-b3ac-b46caa31d380", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-10-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37969;  https://nvd.nist.gov/vuln/detail/CVE-2022-37969"}, "references": [{"id": "CVE-2022-37969", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-37969"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-10-05", "date_added": "2022-09-14", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b9321d42-77a3-46a5-adf1-fc1613804471", "vulnerability": {"vulnId": "CVE-2011-1823", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "b9321d42-77a3-46a5-adf1-fc1613804471", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Android OS Privilege Escalation Vulnerability | Affected: Android / Android OS | Description: The vold volume manager daemon in Android kernel trusts messages from a PF_NETLINK socket, which allows an attacker to execute code and gain root privileges. This vulnerability is associated with GingerBreak and Exploit.AndroidOS.Lotoor. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://android.googlesource.com/platform/system/vold/+/c51920c82463b240e2be0430849837d6fdc5352e; https://nvd.nist.gov/vuln/detail/CVE-2011-1823"}, "references": [{"id": "CVE-2011-1823", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2011-1823"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-189"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Android OS", "due_date": "2022-09-29", "date_added": "2022-09-08", "vendorProject": "Android", "vulnerabilityName": "Android OS Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "66ca1429-5847-4166-afdd-5cf776abf2f2", "vulnerability": {"vulnId": "CVE-2022-26258", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "66ca1429-5847-4166-afdd-5cf776abf2f2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-08T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DIR-820L Remote Code Execution Vulnerability | Affected: D-Link / DIR-820L | Description: D-Link DIR-820L contains an unspecified vulnerability in Device Name parameter in /lan.asp which allows for remote code execution. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-09-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10295;  https://nvd.nist.gov/vuln/detail/CVE-2022-26258"}, "references": [{"id": "CVE-2022-26258", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-26258"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DIR-820L", "due_date": "2022-09-29", "date_added": "2022-09-08", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DIR-820L Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "cd499811-bc42-499e-a52e-7f07cd461d92", "vulnerability": {"vulnId": "CVE-2011-4723", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "cd499811-bc42-499e-a52e-7f07cd461d92", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-08T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability | Affected: D-Link / DIR-300 Router | Description: The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-09-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.dlink.com/uk/en/support/product/dir-300-wireless-g-router; https://nvd.nist.gov/vuln/detail/CVE-2011-4723"}, "references": [{"id": "CVE-2011-4723", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2011-4723"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-310"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DIR-300 Router", "due_date": "2022-09-29", "date_added": "2022-09-08", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DIR-300 Router Cleartext Storage of a Password Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "79b0d129-6181-4a0e-8056-4860ee2bb170", "vulnerability": {"vulnId": "CVE-2018-7445", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "79b0d129-6181-4a0e-8056-4860ee2bb170", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-08T00:00:00Z"}, "scope": {"notes": "KEV entry: MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability | Affected: MikroTik / RouterOS | Description: In MikroTik RouterOS, a stack-based buffer overflow occurs when processing NetBIOS session request messages. Remote attackers with access to the service can exploit this vulnerability and gain code execution on the system. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.coresecurity.com/core-labs/advisories/mikrotik-routeros-smb-buffer-overflow#vendor_update, https://mikrotik.com/download; https://nvd.nist.gov/vuln/detail/CVE-2018-7445"}, "references": [{"id": "CVE-2018-7445", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-7445"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "RouterOS", "due_date": "2022-09-29", "date_added": "2022-09-08", "vendorProject": "MikroTik", "vulnerabilityName": "MikroTik RouterOS Stack-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5df48978-004c-45c7-adc0-2d22445caf02", "vulnerability": {"vulnId": "CVE-2018-13374", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "5df48978-004c-45c7-adc0-2d22445caf02", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiOS and FortiADC Improper Access Control Vulnerability | Affected: Fortinet / FortiOS and FortiADC | Description: Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-29 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.fortiguard.com/psirt/FG-IR-18-157; https://nvd.nist.gov/vuln/detail/CVE-2018-13374"}, "references": [{"id": "CVE-2018-13374", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-13374"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-732"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiOS and FortiADC", "due_date": "2022-09-29", "date_added": "2022-09-08", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiOS and FortiADC Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "0c58a18b-b792-474a-861b-35c44b12d961", "vulnerability": {"vulnId": "CVE-2018-2628", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "0c58a18b-b792-474a-861b-35c44b12d961", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle WebLogic Server Unspecified Vulnerability | Affected: Oracle / WebLogic Server | Description: Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.oracle.com/security-alerts/cpuapr2018.html; https://nvd.nist.gov/vuln/detail/CVE-2018-2628"}, "references": [{"id": "CVE-2018-2628", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-2628"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WebLogic Server", "due_date": "2022-09-29", "date_added": "2022-09-08", "vendorProject": "Oracle", "vulnerabilityName": "Oracle WebLogic Server Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bfe81959-bfa1-455e-aed3-6ba7f082b297", "vulnerability": {"vulnId": "CVE-2018-6530", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "bfe81959-bfa1-455e-aed3-6ba7f082b297", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-08T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link Multiple Routers OS Command Injection Vulnerability | Affected: D-Link / Multiple Routers | Description: Multiple D-Link routers contain an unspecified vulnerability that allows for execution of OS commands. | Required action: The vendor D-Link published an advisory stating the fix under CVE-2018-20114 properly patches KEV entry CVE-2018-6530. If the device is still supported, apply updates per vendor instructions. If the affected device has since entered its end-of-life, it should be disconnected if still in use. | Due date: 2022-09-29 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10105; https://nvd.nist.gov/vuln/detail/CVE-2018-6530"}, "references": [{"id": "CVE-2018-6530", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-6530"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Routers", "due_date": "2022-09-29", "date_added": "2022-09-08", "vendorProject": "D-Link", "vulnerabilityName": "D-Link Multiple Routers OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "af1009e6-a1a1-4055-899d-734587b8d9da", "vulnerability": {"vulnId": "CVE-2022-3075", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "af1009e6-a1a1-4055-899d-734587b8d9da", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium Mojo Insufficient Data Validation Vulnerability | Affected: Google / Chromium Mojo | Description: Google Chromium Mojo contains an insufficient data validation vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html, https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-3075;  https://nvd.nist.gov/vuln/detail/CVE-2022-3075"}, "references": [{"id": "CVE-2022-3075", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-3075"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium Mojo", "due_date": "2022-09-29", "date_added": "2022-09-08", "vendorProject": "Google", "vulnerabilityName": "Google Chromium Mojo Insufficient Data Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a6f65fc1-c5c3-458c-83c7-dd8a71fd7b2a", "vulnerability": {"vulnId": "CVE-2022-27593", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "a6f65fc1-c5c3-458c-83c7-dd8a71fd7b2a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-08T00:00:00Z"}, "scope": {"notes": "KEV entry: QNAP Photo Station Externally Controlled Reference Vulnerability | Affected: QNAP / Photo Station | Description: Certain QNAP NAS running Photo Station with internet exposure contain an externally controlled reference to a resource vulnerability which can allow an attacker to modify system files. This vulnerability was observed being utilized in a Deadbolt ransomware campaign. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-29 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.qnap.com/en/security-advisory/qsa-22-24;  https://nvd.nist.gov/vuln/detail/CVE-2022-27593"}, "references": [{"id": "CVE-2022-27593", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-27593"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-610"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Photo Station", "due_date": "2022-09-29", "date_added": "2022-09-08", "vendorProject": "QNAP", "vulnerabilityName": "QNAP Photo Station Externally Controlled Reference Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "a3a5e7dd-c248-4085-ac56-7d1b8e1322dc", "vulnerability": {"vulnId": "CVE-2020-9934", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "a3a5e7dd-c248-4085-ac56-7d1b8e1322dc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS, iPadOS, and macOS Input Validation Vulnerability | Affected: Apple / iOS, iPadOS, and macOS | Description: Apple iOS, iPadOS, and macOS contain an unspecified vulnerability involving input validation which can allow a local attacker to view sensitive user information. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT211288, https://support.apple.com/en-us/HT211289; https://nvd.nist.gov/vuln/detail/CVE-2020-9934"}, "references": [{"id": "CVE-2020-9934", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-9934"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS, iPadOS, and macOS", "due_date": "2022-09-29", "date_added": "2022-09-08", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS, iPadOS, and macOS Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "99076798-11dc-48eb-9ee9-426575d88fa1", "vulnerability": {"vulnId": "CVE-2017-5521", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-09-08T00:00:00+00:00"}, "gcve": {"object_uuid": "99076798-11dc-48eb-9ee9-426575d88fa1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-09-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-09-08T00:00:00Z"}, "scope": {"notes": "KEV entry: NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability | Affected: NETGEAR / Multiple Devices | Description: Multiple NETGEAR devices are prone to admin password disclosure via simple crafted requests to the web management server. | Required action: Apply updates per vendor instructions. If the affected device has since entered end-of-life, it should be disconnected if still in use. | Due date: 2022-09-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://kb.netgear.com/30632/Web-GUI-Password-Recovery-and-Exposure-Security-Vulnerability; https://nvd.nist.gov/vuln/detail/CVE-2017-5521"}, "references": [{"id": "CVE-2017-5521", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-5521"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Devices", "due_date": "2022-09-29", "date_added": "2022-09-08", "vendorProject": "NETGEAR", "vulnerabilityName": "NETGEAR Multiple Devices Exposure of Sensitive Information Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2062da36-fce0-4bcc-96d5-f61def201521", "vulnerability": {"vulnId": "CVE-2022-26352", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "2062da36-fce0-4bcc-96d5-f61def201521", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-25T00:00:00Z"}, "scope": {"notes": "KEV entry: dotCMS Unrestricted Upload of File Vulnerability | Affected: dotCMS / dotCMS | Description: dotCMS ContentResource API contains an unrestricted upload of file with a dangerous type vulnerability that allows for directory traversal, in which the file is saved outside of the intended storage location. Exploitation allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://www.dotcms.com/security/SI-62;  https://nvd.nist.gov/vuln/detail/CVE-2022-26352"}, "references": [{"id": "CVE-2022-26352", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-26352"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22", "CWE-138"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "dotCMS", "due_date": "2022-09-15", "date_added": "2022-08-25", "vendorProject": "dotCMS", "vulnerabilityName": "dotCMS Unrestricted Upload of File Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "40a6547f-e20b-4e29-b709-f550acff0889", "vulnerability": {"vulnId": "CVE-2022-22963", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "40a6547f-e20b-4e29-b709-f550acff0889", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-25T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability | Affected: VMware Tanzu / Spring Cloud | Description: When using routing functionality in VMware Tanzu's Spring Cloud Function, it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://tanzu.vmware.com/security/cve-2022-22963;  https://nvd.nist.gov/vuln/detail/CVE-2022-22963"}, "references": [{"id": "CVE-2022-22963", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22963"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Spring Cloud", "due_date": "2022-09-15", "date_added": "2022-08-25", "vendorProject": "VMware Tanzu", "vulnerabilityName": "VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e92780c3-e73f-426d-80c7-a8d18324bbe4", "vulnerability": {"vulnId": "CVE-2022-24706", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "e92780c3-e73f-426d-80c7-a8d18324bbe4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache CouchDB Insecure Default Initialization of Resource Vulnerability | Affected: Apache / CouchDB | Description: Apache CouchDB contains an insecure default initialization of resource vulnerability which can allow an attacker to escalate to administrative privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://lists.apache.org/thread/w24wo0h8nlctfps65txvk0oc5hdcnv00;  https://nvd.nist.gov/vuln/detail/CVE-2022-24706"}, "references": [{"id": "CVE-2022-24706", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-24706"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-1188"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "CouchDB", "due_date": "2022-09-15", "date_added": "2022-08-25", "vendorProject": "Apache", "vulnerabilityName": "Apache CouchDB Insecure Default Initialization of Resource Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "42d62e71-f44b-4b6c-99d3-66bc8b6cb6d5", "vulnerability": {"vulnId": "CVE-2021-31010", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "42d62e71-f44b-4b6c-99d3-66bc8b6cb6d5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability | Affected: Apple / iOS, macOS, watchOS | Description: In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-us/HT212804, https://support.apple.com/en-us/HT212805, https://support.apple.com/en-us/HT212806, https://support.apple.com/en-us/HT212807, https://support.apple.com/en-us/HT212824; https://nvd.nist.gov/vuln/detail/CVE-2021-31010"}, "references": [{"id": "CVE-2021-31010", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-31010"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS, macOS, watchOS", "due_date": "2022-09-15", "date_added": "2022-08-25", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b4a75922-8ba0-42bf-b698-374611cf6e66", "vulnerability": {"vulnId": "CVE-2022-2294", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "b4a75922-8ba0-42bf-b698-374611cf6e66", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-25T00:00:00Z"}, "scope": {"notes": "KEV entry: WebRTC Heap Buffer Overflow Vulnerability | Affected: WebRTC / WebRTC | Description: WebRTC, an open-source project providing web browsers with real-time communication, contains a heap buffer overflow vulnerability that allows an attacker to perform shellcode execution. This vulnerability impacts web browsers using WebRTC including but not limited to Google Chrome. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://groups.google.com/g/discuss-webrtc/c/5KBtZx2gvcQ;  https://nvd.nist.gov/vuln/detail/CVE-2022-2294"}, "references": [{"id": "CVE-2022-2294", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-2294"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WebRTC", "due_date": "2022-09-15", "date_added": "2022-08-25", "vendorProject": "WebRTC", "vulnerabilityName": "WebRTC Heap Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "b9b7247a-9ecf-45c0-bf89-cfeb3ea17477", "vulnerability": {"vulnId": "CVE-2022-24112", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "b9b7247a-9ecf-45c0-bf89-cfeb3ea17477", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache APISIX Authentication Bypass Vulnerability | Affected: Apache / APISIX | Description: Apache APISIX contains an authentication bypass vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://lists.apache.org/thread/lcdqywz8zy94mdysk7p3gfdgn51jmt94;  https://nvd.nist.gov/vuln/detail/CVE-2022-24112"}, "references": [{"id": "CVE-2022-24112", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-24112"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-290"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "APISIX", "due_date": "2022-09-15", "date_added": "2022-08-25", "vendorProject": "Apache", "vulnerabilityName": "Apache APISIX Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8abf3b96-398b-4f09-9cf0-39c21c03fe32", "vulnerability": {"vulnId": "CVE-2021-39226", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "8abf3b96-398b-4f09-9cf0-39c21c03fe32", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Grafana Authentication Bypass Vulnerability | Affected: Grafana Labs / Grafana | Description: Grafana contains an authentication bypass vulnerability that allows authenticated and unauthenticated users to view and delete all snapshot data, potentially resulting in complete snapshot data loss. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://grafana.com/blog/2021/10/05/grafana-7.5.11-and-8.1.6-released-with-critical-security-fix/; https://nvd.nist.gov/vuln/detail/CVE-2021-39226"}, "references": [{"id": "CVE-2021-39226", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-39226"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Grafana", "due_date": "2022-09-15", "date_added": "2022-08-25", "vendorProject": "Grafana Labs", "vulnerabilityName": "Grafana Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4ee9d2e6-cf2a-4d61-9efc-f501acd8b031", "vulnerability": {"vulnId": "CVE-2020-36193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "4ee9d2e6-cf2a-4d61-9efc-f501acd8b031", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-25T00:00:00Z"}, "scope": {"notes": "KEV entry: PEAR Archive_Tar Improper Link Resolution Vulnerability | Affected: PEAR / Archive_Tar | Description: PEAR Archive_Tar Tar.php allows write operations with directory traversal due to inadequate checking of symbolic links. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://github.com/pear/Archive_Tar/commit/cde460582ff389404b5b3ccb59374e9b389de916, https://www.drupal.org/sa-core-2021-001, https://access.redhat.com/security/cve/cve-2020-36193; https://nvd.nist.gov/vuln/detail/CVE-2020-36193"}, "references": [{"id": "CVE-2020-36193", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-36193"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22", "CWE-59"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Archive_Tar", "due_date": "2022-09-15", "date_added": "2022-08-25", "vendorProject": "PEAR", "vulnerabilityName": "PEAR Archive_Tar Improper Link Resolution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "728a5d39-7136-48fc-ac9d-8c6140b2c74b", "vulnerability": {"vulnId": "CVE-2020-28949", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "728a5d39-7136-48fc-ac9d-8c6140b2c74b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-25T00:00:00Z"}, "scope": {"notes": "KEV entry: PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability | Affected: PEAR / Archive_Tar | Description: PEAR Archive_Tar allows an unserialization attack because phar: is blocked but PHAR: is not blocked. PEAR stands for PHP Extension and Application Repository and it is an open-source framework and distribution system for reusable PHP components with known usage in third-party products such as Drupal Core and Red Hat Linux. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://pear.php.net/bugs/bug.php?id=27002, https://www.drupal.org/sa-core-2020-013, https://access.redhat.com/security/cve/cve-2020-28949; https://nvd.nist.gov/vuln/detail/CVE-2020-28949"}, "references": [{"id": "CVE-2020-28949", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-28949"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-74"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Archive_Tar", "due_date": "2022-09-15", "date_added": "2022-08-25", "vendorProject": "PEAR", "vulnerabilityName": "PEAR Archive_Tar Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "71c7d200-7205-45f7-9b14-8e6388d9ac28", "vulnerability": {"vulnId": "CVE-2021-38406", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-25T00:00:00+00:00"}, "gcve": {"object_uuid": "71c7d200-7205-45f7-9b14-8e6388d9ac28", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability | Affected: Delta Electronics / DOPSoft 2 | Description: Delta Electronics DOPSoft 2 lacks proper validation of user-supplied data when parsing specific project files (improper input validation) resulting in an out-of-bounds write that allows for code execution. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-09-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://www.cisa.gov/uscert/ics/advisories/icsa-21-252-02; https://nvd.nist.gov/vuln/detail/CVE-2021-38406"}, "references": [{"id": "CVE-2021-38406", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-38406"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DOPSoft 2", "due_date": "2022-09-15", "date_added": "2022-08-25", "vendorProject": "Delta Electronics", "vulnerabilityName": "Delta Electronics DOPSoft 2 Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e36ecf83-48fa-4b7e-8ab8-5b2558aab4bd", "vulnerability": {"vulnId": "CVE-2022-0028", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-22T00:00:00+00:00"}, "gcve": {"object_uuid": "e36ecf83-48fa-4b7e-8ab8-5b2558aab4bd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability | Affected: Palo Alto Networks / PAN-OS | Description: A Palo Alto Networks PAN-OS URL filtering policy misconfiguration could allow a network-based attacker to conduct reflected and amplified TCP denial-of-service (RDoS) attacks. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-12 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.paloaltonetworks.com/CVE-2022-0028; https://nvd.nist.gov/vuln/detail/CVE-2022-0028"}, "references": [{"id": "CVE-2022-0028", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-0028"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-940"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PAN-OS", "due_date": "2022-09-12", "date_added": "2022-08-22", "vendorProject": "Palo Alto Networks", "vulnerabilityName": "Palo Alto Networks PAN-OS Reflected Amplification Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c70ddbc2-bb14-44e5-8d39-378d69b53b6e", "vulnerability": {"vulnId": "CVE-2022-32893", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-18T00:00:00+00:00"}, "gcve": {"object_uuid": "c70ddbc2-bb14-44e5-8d39-378d69b53b6e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS and macOS Out-of-Bounds Write Vulnerability | Affected: Apple / iOS and macOS | Description: Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow for remote code execution when processing malicious crafted web content. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-gb/HT213412, https://support.apple.com/en-gb/HT213413;  https://nvd.nist.gov/vuln/detail/CVE-2022-32893"}, "references": [{"id": "CVE-2022-32893", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-32893"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS and macOS", "due_date": "2022-09-08", "date_added": "2022-08-18", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS and macOS Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4823c432-8143-48ca-9130-7a16ee18f8d7", "vulnerability": {"vulnId": "CVE-2022-22536", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-18T00:00:00+00:00"}, "gcve": {"object_uuid": "4823c432-8143-48ca-9130-7a16ee18f8d7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-18T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP Multiple Products HTTP Request Smuggling Vulnerability | Affected: SAP / Multiple Products | Description: SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server and SAP Web Dispatcher allow HTTP request smuggling. An unauthenticated attacker can prepend a victim's request with arbitrary data, allowing for function execution impersonating the victim or poisoning intermediary Web caches. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): SAP users must have an account in order to login and access the patch. https://accounts.sap.com/saml2/idp/sso;  https://nvd.nist.gov/vuln/detail/CVE-2022-22536"}, "references": [{"id": "CVE-2022-22536", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22536"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-444"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-09-08", "date_added": "2022-08-18", "vendorProject": "SAP", "vulnerabilityName": "SAP Multiple Products HTTP Request Smuggling Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8c27f67e-cc6c-43f6-9706-8c7be99c8729", "vulnerability": {"vulnId": "CVE-2022-2856", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-18T00:00:00+00:00"}, "gcve": {"object_uuid": "8c27f67e-cc6c-43f6-9706-8c7be99c8729", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium Intents Insufficient Input Validation Vulnerability | Affected: Google / Chromium Intents | Description: Google Chromium Intents contains an insufficient validation of untrusted input vulnerability that allows a remote attacker to browse to a malicious website via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html;  https://nvd.nist.gov/vuln/detail/CVE-2022-2856"}, "references": [{"id": "CVE-2022-2856", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-2856"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium Intents", "due_date": "2022-09-08", "date_added": "2022-08-18", "vendorProject": "Google", "vulnerabilityName": "Google Chromium Intents Insufficient Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b7df40e3-bcb6-4eef-8ba5-b10ddbe05789", "vulnerability": {"vulnId": "CVE-2022-26923", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-18T00:00:00+00:00"}, "gcve": {"object_uuid": "b7df40e3-bcb6-4eef-8ba5-b10ddbe05789", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Active Directory Domain Services Privilege Escalation Vulnerability | Affected: Microsoft / Active Directory | Description: An authenticated user could manipulate attributes on computer accounts they own or manage, and acquire a certificate from Active Directory Certificate Services that would allow for privilege escalation to SYSTEM. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26923;  https://nvd.nist.gov/vuln/detail/CVE-2022-26923"}, "references": [{"id": "CVE-2022-26923", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-26923"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-295"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Active Directory", "due_date": "2022-09-08", "date_added": "2022-08-18", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Active Directory Domain Services Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "86666d31-3f2c-432c-b3ae-61cbf57419fb", "vulnerability": {"vulnId": "CVE-2022-21971", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-18T00:00:00+00:00"}, "gcve": {"object_uuid": "86666d31-3f2c-432c-b3ae-61cbf57419fb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Runtime Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Runtime contains an unspecified vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-21971;  https://nvd.nist.gov/vuln/detail/CVE-2022-21971"}, "references": [{"id": "CVE-2022-21971", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-21971"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-824"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-09-08", "date_added": "2022-08-18", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Runtime Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f0098991-f18f-489c-8504-8bbd9362ad71", "vulnerability": {"vulnId": "CVE-2022-32894", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-18T00:00:00+00:00"}, "gcve": {"object_uuid": "f0098991-f18f-489c-8504-8bbd9362ad71", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS and macOS Out-of-Bounds Write Vulnerability | Affected: Apple / iOS and macOS | Description: Apple iOS and macOS contain an out-of-bounds write vulnerability that could allow an application to execute code with kernel privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://support.apple.com/en-gb/HT213412, https://support.apple.com/en-gb/HT213413;  https://nvd.nist.gov/vuln/detail/CVE-2022-32894"}, "references": [{"id": "CVE-2022-32894", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-32894"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS and macOS", "due_date": "2022-09-08", "date_added": "2022-08-18", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS and macOS Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "12555b59-dbdf-42fa-8211-6adbc7b8a064", "vulnerability": {"vulnId": "CVE-2017-15944", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-18T00:00:00+00:00"}, "gcve": {"object_uuid": "12555b59-dbdf-42fa-8211-6adbc7b8a064", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Palo Alto Networks PAN-OS Remote Code Execution Vulnerability | Affected: Palo Alto Networks / PAN-OS | Description: Palo Alto Networks PAN-OS contains multiple, unspecified vulnerabilities which can allow for remote code execution when chained. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://security.paloaltonetworks.com/CVE-2017-15944; https://nvd.nist.gov/vuln/detail/CVE-2017-15944"}, "references": [{"id": "CVE-2017-15944", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-15944"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PAN-OS", "due_date": "2022-09-08", "date_added": "2022-08-18", "vendorProject": "Palo Alto Networks", "vulnerabilityName": "Palo Alto Networks PAN-OS Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0647d977-365d-4d49-9ed9-647141648903", "vulnerability": {"vulnId": "CVE-2022-27925", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-11T00:00:00+00:00"}, "gcve": {"object_uuid": "0647d977-365d-4d49-9ed9-647141648903", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability | Affected: Synacor / Zimbra Collaboration Suite (ZCS) | Description: Synacor Zimbra Collaboration Suite (ZCS) contains a flaw in the mboximport functionality, allowing an authenticated attacker to upload arbitrary files to perform remote code execution. This vulnerability was chained with CVE-2022-37042 which allows for unauthenticated remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-01 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/;  https://nvd.nist.gov/vuln/detail/CVE-2022-27925"}, "references": [{"id": "CVE-2022-27925", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-27925"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Zimbra Collaboration Suite (ZCS)", "due_date": "2022-09-01", "date_added": "2022-08-11", "vendorProject": "Synacor", "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Arbitrary File Upload Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "0f177369-aaaa-4b02-bdbc-26c216312552", "vulnerability": {"vulnId": "CVE-2022-37042", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-11T00:00:00+00:00"}, "gcve": {"object_uuid": "0f177369-aaaa-4b02-bdbc-26c216312552", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability | Affected: Synacor / Zimbra Collaboration Suite (ZCS) | Description: Synacor Zimbra Collaboration Suite (ZCS) contains an authentication bypass vulnerability in MailboxImportServlet. This vulnerability was chained with CVE-2022-27925 which allows for unauthenticated remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-01 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://blog.zimbra.com/2022/08/authentication-bypass-in-mailboximportservlet-vulnerability/;  https://nvd.nist.gov/vuln/detail/CVE-2022-37042"}, "references": [{"id": "CVE-2022-37042", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-37042"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-23"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Zimbra Collaboration Suite (ZCS)", "due_date": "2022-09-01", "date_added": "2022-08-11", "vendorProject": "Synacor", "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "c8c14150-49f1-4775-9a83-e18b45574ee6", "vulnerability": {"vulnId": "CVE-2022-34713", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-09T00:00:00+00:00"}, "gcve": {"object_uuid": "c8c14150-49f1-4775-9a83-e18b45574ee6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-09T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: A remote code execution vulnerability exists when Microsoft Windows MSDT is called using the URL protocol from a calling application. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-34713;  https://nvd.nist.gov/vuln/detail/CVE-2022-34713"}, "references": [{"id": "CVE-2022-34713", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-34713"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-08-30", "date_added": "2022-08-09", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e84219f4-2a3a-44ff-80ee-bd035efd3481", "vulnerability": {"vulnId": "CVE-2022-30333", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-09T00:00:00+00:00"}, "gcve": {"object_uuid": "e84219f4-2a3a-44ff-80ee-bd035efd3481", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-09T00:00:00Z"}, "scope": {"notes": "KEV entry: RARLAB UnRAR Directory Traversal Vulnerability | Affected: RARLAB / UnRAR | Description: RARLAB UnRAR on Linux and UNIX contains a directory traversal vulnerability, allowing an attacker to write to files during an extract (unpack) operation. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-30 | Known ransomware campaign use (KEV): Known | Notes (KEV): Vulnerability updated with version 6.12. Accessing link will download update information: https://www.rarlab.com/rar/rarlinux-x32-612.tar.gz;  https://nvd.nist.gov/vuln/detail/CVE-2022-30333"}, "references": [{"id": "CVE-2022-30333", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-30333"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22", "CWE-59"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "UnRAR", "due_date": "2022-08-30", "date_added": "2022-08-09", "vendorProject": "RARLAB", "vulnerabilityName": "RARLAB UnRAR Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "e0f28782-b68a-48c6-ba25-00c324fdec21", "vulnerability": {"vulnId": "CVE-2022-27924", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-08-04T00:00:00+00:00"}, "gcve": {"object_uuid": "e0f28782-b68a-48c6-ba25-00c324fdec21", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-08-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-08-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability | Affected: Synacor / Zimbra Collaboration Suite (ZCS) | Description: Synacor Zimbra Collaboration Suite (ZCS) allows an attacker to inject memcache commands into a targeted instance which causes an overwrite of arbitrary cached entries. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-25 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P24.1#Security_Fixes;  https://nvd.nist.gov/vuln/detail/CVE-2022-27924"}, "references": [{"id": "CVE-2022-27924", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-27924"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-93"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Zimbra Collaboration Suite (ZCS)", "due_date": "2022-08-25", "date_added": "2022-08-04", "vendorProject": "Synacor", "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Command Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "e95cf65e-9a20-4987-9838-de8eb3bed49e", "vulnerability": {"vulnId": "CVE-2022-26138", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-07-29T00:00:00+00:00"}, "gcve": {"object_uuid": "e95cf65e-9a20-4987-9838-de8eb3bed49e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-07-29T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-07-29T00:00:00Z"}, "scope": {"notes": "KEV entry: Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability | Affected: Atlassian / Confluence | Description: Atlassian Questions For Confluence App has hard-coded credentials, exposing the username and password in plaintext. A remote unauthenticated attacker can use these credentials to log into Confluence and access all content accessible to users in the confluence-users group. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-19 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html;  https://nvd.nist.gov/vuln/detail/CVE-2022-26138"}, "references": [{"id": "CVE-2022-26138", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-26138"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-798"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Confluence", "due_date": "2022-08-19", "date_added": "2022-07-29", "vendorProject": "Atlassian", "vulnerabilityName": "Atlassian Questions For Confluence App Hard-coded Credentials Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6e240e00-7499-46a9-bc7a-1285564f302f", "vulnerability": {"vulnId": "CVE-2022-22047", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-07-12T00:00:00+00:00"}, "gcve": {"object_uuid": "6e240e00-7499-46a9-bc7a-1285564f302f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-07-12T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-07-12T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows CSRSS contains an unspecified vulnerability that allows for privilege escalation to SYSTEM privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-22047;  https://nvd.nist.gov/vuln/detail/CVE-2022-22047"}, "references": [{"id": "CVE-2022-22047", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22047"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-426"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-08-02", "date_added": "2022-07-12", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Client Server Runtime Subsystem (CSRSS) Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "837eb07a-819a-4153-9c9d-aa7cf23b079c", "vulnerability": {"vulnId": "CVE-2022-26925", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-07-01T00:00:00+00:00"}, "gcve": {"object_uuid": "837eb07a-819a-4153-9c9d-aa7cf23b079c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-07-01T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-07-01T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows LSA Spoofing Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability where an attacker can coerce the domain controller to authenticate to the attacker using NTLM. | Required action: Apply remediation actions outlined in CISA guidance [https://www.cisa.gov/guidance-applying-june-microsoft-patch]. | Due date: 2022-07-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): WARNING: This update is required on all Microsoft Windows endpoints but if deployed to domain controllers without additional configuration changes the update breaks PIV/CAC authentication. Read CISA implementation guidance carefully before deploying to domain controllers.;  https://nvd.nist.gov/vuln/detail/CVE-2022-26925"}, "references": [{"id": "CVE-2022-26925", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-26925"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-07-22", "date_added": "2022-07-01", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows LSA Spoofing Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c9f01d1c-55dd-4489-af92-3e7eeacdbbdf", "vulnerability": {"vulnId": "CVE-2019-8605", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "c9f01d1c-55dd-4489-af92-3e7eeacdbbdf", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-27T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-27T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Use-After-Free Vulnerability | Affected: Apple / Multiple Products | Description: A use-after-free vulnerability in Apple iOS, macOS, tvOS, and watchOS could allow a malicious application to execute code with system privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-8605"}, "references": [{"id": "CVE-2019-8605", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-8605"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-07-18", "date_added": "2022-06-27", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7fe116ac-def8-4e0e-809b-181f0ac6dd19", "vulnerability": {"vulnId": "CVE-2020-3837", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "7fe116ac-def8-4e0e-809b-181f0ac6dd19", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-27T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-27T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Memory Corruption Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-3837"}, "references": [{"id": "CVE-2020-3837", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3837"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-07-18", "date_added": "2022-06-27", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "518ac670-b61f-4ca6-97e4-1e8262566fc6", "vulnerability": {"vulnId": "CVE-2021-4034", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "518ac670-b61f-4ca6-97e4-1e8262566fc6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-27T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-27T00:00:00Z"}, "scope": {"notes": "KEV entry: Red Hat Polkit Out-of-Bounds Read and Write Vulnerability | Affected: Red Hat / Polkit | Description: The Red Hat polkit pkexec utility contains an out-of-bounds read and write vulnerability that allows for privilege escalation with administrative rights. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-4034"}, "references": [{"id": "CVE-2021-4034", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-4034"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Polkit", "due_date": "2022-07-18", "date_added": "2022-06-27", "vendorProject": "Red Hat", "vulnerabilityName": "Red Hat Polkit Out-of-Bounds Read and Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ab92fbfd-0553-4d1d-9aba-85499aecfe6b", "vulnerability": {"vulnId": "CVE-2022-29499", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "ab92fbfd-0553-4d1d-9aba-85499aecfe6b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-27T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-27T00:00:00Z"}, "scope": {"notes": "KEV entry: Mitel MiVoice Connect Data Validation Vulnerability | Affected: Mitel / MiVoice Connect | Description: The Service Appliance component in Mitel MiVoice Connect allows remote code execution due to incorrect data validation. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-18 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-29499"}, "references": [{"id": "CVE-2022-29499", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-29499"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "MiVoice Connect", "due_date": "2022-07-18", "date_added": "2022-06-27", "vendorProject": "Mitel", "vulnerabilityName": "Mitel MiVoice Connect Data Validation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "0df1edc0-c834-4915-8cfa-b60c712528ad", "vulnerability": {"vulnId": "CVE-2020-9907", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "0df1edc0-c834-4915-8cfa-b60c712528ad", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-27T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-27T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Memory Corruption Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, and tvOS contain a memory corruption vulnerability that could allow an application to execute code with kernel privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-9907"}, "references": [{"id": "CVE-2020-9907", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-9907"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-07-18", "date_added": "2022-06-27", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1087ee46-bf14-42f4-8e22-edb7b00d4083", "vulnerability": {"vulnId": "CVE-2021-30533", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "1087ee46-bf14-42f4-8e22-edb7b00d4083", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-27T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-27T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium PopupBlocker Security Bypass Vulnerability | Affected: Google / Chromium PopupBlocker | Description: Google Chromium PopupBlocker contains an insufficient policy enforcement vulnerability that allows a remote attacker to bypass navigation restrictions via a crafted iframe. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30533"}, "references": [{"id": "CVE-2021-30533", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30533"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-863"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium PopupBlocker", "due_date": "2022-07-18", "date_added": "2022-06-27", "vendorProject": "Google", "vulnerabilityName": "Google Chromium PopupBlocker Security Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e706e310-0ead-401c-b605-ba9f03e1e516", "vulnerability": {"vulnId": "CVE-2018-4344", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "e706e310-0ead-401c-b605-ba9f03e1e516", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-27T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-27T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Memory Corruption Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, macOS, tvOS, and watchOS contain a memory corruption vulnerability which can allow for code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-4344"}, "references": [{"id": "CVE-2018-4344", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-4344"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-07-18", "date_added": "2022-06-27", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "24a9eee0-8a2a-4b95-a3f7-e7c4a8a11363", "vulnerability": {"vulnId": "CVE-2021-30983", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-27T00:00:00+00:00"}, "gcve": {"object_uuid": "24a9eee0-8a2a-4b95-a3f7-e7c4a8a11363", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-27T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-27T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS and iPadOS Buffer Overflow Vulnerability | Affected: Apple / iOS and iPadOS | Description: Apple iOS and iPadOS contain a buffer overflow vulnerability that could allow an application to execute code with kernel privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30983"}, "references": [{"id": "CVE-2021-30983", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30983"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS and iPadOS", "due_date": "2022-07-18", "date_added": "2022-06-27", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS and iPadOS Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a24c34a5-ecd1-4d12-8e98-0503826daa06", "vulnerability": {"vulnId": "CVE-2022-30190", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-14T00:00:00+00:00"}, "gcve": {"object_uuid": "a24c34a5-ecd1-4d12-8e98-0503826daa06", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-14T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run code with the privileges of the calling application. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-30190"}, "references": [{"id": "CVE-2022-30190", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-30190"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-610"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-07-05", "date_added": "2022-06-14", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Support Diagnostic Tool (MSDT) Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "2814e0fe-3e1c-499c-8299-714b52390719", "vulnerability": {"vulnId": "CVE-2016-2386", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-09T00:00:00+00:00"}, "gcve": {"object_uuid": "2814e0fe-3e1c-499c-8299-714b52390719", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-09T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP NetWeaver SQL Injection Vulnerability | Affected: SAP / NetWeaver | Description: SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-2386"}, "references": [{"id": "CVE-2016-2386", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-2386"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetWeaver", "due_date": "2022-06-30", "date_added": "2022-06-09", "vendorProject": "SAP", "vulnerabilityName": "SAP NetWeaver SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "afafde80-2bf1-4bae-9bc6-16cc5bdf8822", "vulnerability": {"vulnId": "CVE-2021-38163", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-09T00:00:00+00:00"}, "gcve": {"object_uuid": "afafde80-2bf1-4bae-9bc6-16cc5bdf8822", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-09T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP NetWeaver Unrestricted File Upload Vulnerability | Affected: SAP / NetWeaver | Description: SAP NetWeaver contains a vulnerability that allows unrestricted file upload. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-38163"}, "references": [{"id": "CVE-2021-38163", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-38163"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-23"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetWeaver", "due_date": "2022-06-30", "date_added": "2022-06-09", "vendorProject": "SAP", "vulnerabilityName": "SAP NetWeaver Unrestricted File Upload Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c815d769-72d7-4db4-b6cd-41591fa2f54d", "vulnerability": {"vulnId": "CVE-2016-2388", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-09T00:00:00+00:00"}, "gcve": {"object_uuid": "c815d769-72d7-4db4-b6cd-41591fa2f54d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-09T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-09T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP NetWeaver Information Disclosure Vulnerability | Affected: SAP / NetWeaver | Description: The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-30 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-2388"}, "references": [{"id": "CVE-2016-2388", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-2388"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetWeaver", "due_date": "2022-06-30", "date_added": "2022-06-09", "vendorProject": "SAP", "vulnerabilityName": "SAP NetWeaver Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fc9832e1-fb43-449c-b531-c21e587c9916", "vulnerability": {"vulnId": "CVE-2009-3953", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "fc9832e1-fb43-449c-b531-c21e587c9916", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability | Affected: Adobe / Acrobat and Reader | Description: Adobe Acrobat and Reader contains an array boundary issue in Universal 3D (U3D) support that could lead to remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2009-3953"}, "references": [{"id": "CVE-2009-3953", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2009-3953"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Acrobat and Reader", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bd8c2468-8457-42ea-8b0e-cfe16750c14a", "vulnerability": {"vulnId": "CVE-2018-4990", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "bd8c2468-8457-42ea-8b0e-cfe16750c14a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Acrobat and Reader Double Free Vulnerability | Affected: Adobe / Acrobat and Reader | Description: Adobe Acrobat and Reader have a double free vulnerability that could lead to remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-4990"}, "references": [{"id": "CVE-2018-4990", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-4990"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-415"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Acrobat and Reader", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Acrobat and Reader Double Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "62d93694-7d42-461a-9c30-6277468f471d", "vulnerability": {"vulnId": "CVE-2009-0563", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "62d93694-7d42-461a-9c30-6277468f471d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Buffer Overflow Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via a Word document with a crafted tag containing an invalid length field. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2009-0563"}, "references": [{"id": "CVE-2009-0563", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2009-0563"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d424be2d-04a5-4153-a45c-ee29ad34176e", "vulnerability": {"vulnId": "CVE-2017-6862", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "d424be2d-04a5-4153-a45c-ee29ad34176e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: NETGEAR Multiple Devices Buffer Overflow Vulnerability | Affected: NETGEAR / Multiple Devices | Description: Multiple NETGEAR devices contain a buffer overflow vulnerability that allows for authentication bypass and remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-6862"}, "references": [{"id": "CVE-2017-6862", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-6862"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Devices", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "NETGEAR", "vulnerabilityName": "NETGEAR Multiple Devices Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "59cd6d70-5e15-4855-972c-6c36293ea5f3", "vulnerability": {"vulnId": "CVE-2008-0655", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "59cd6d70-5e15-4855-972c-6c36293ea5f3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Acrobat and Reader Unspecified Vulnerability | Affected: Adobe / Acrobat and Reader | Description: Adobe Acrobat and Reader contains an unspecified vulnerability described as a design flaw which could allow a specially crafted file to be printed silently an arbitrary number of times. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2008-0655"}, "references": [{"id": "CVE-2008-0655", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2008-0655"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Acrobat and Reader", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Acrobat and Reader Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e35a6beb-1fa2-4bd8-b751-eecaf7124a02", "vulnerability": {"vulnId": "CVE-2010-2883", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "e35a6beb-1fa2-4bd8-b751-eecaf7124a02", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability | Affected: Adobe / Acrobat and Reader | Description: Adobe Acrobat and Reader contain a stack-based buffer overflow vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-2883"}, "references": [{"id": "CVE-2010-2883", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-2883"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Acrobat and Reader", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Acrobat and Reader Stack-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d3f63bbf-9cf1-48bb-a61d-55da8b935074", "vulnerability": {"vulnId": "CVE-2012-1889", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "d3f63bbf-9cf1-48bb-a61d-55da8b935074", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft XML Core Services Memory Corruption Vulnerability | Affected: Microsoft / XML Core Services | Description: Microsoft XML Core Services contains a memory corruption vulnerability which could allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-1889"}, "references": [{"id": "CVE-2012-1889", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-1889"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "XML Core Services", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft XML Core Services Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e3172a16-a76c-4c0c-ae66-48b9d9074cbf", "vulnerability": {"vulnId": "CVE-2012-5054", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "e3172a16-a76c-4c0c-ae66-48b9d9074cbf", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Integer Overflow Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player contains an integer overflow vulnerability that allows remote attackers to execute code via malformed arguments. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-5054"}, "references": [{"id": "CVE-2012-5054", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-5054"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-189"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Integer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2729e1d8-8112-48fe-8d5f-7671a4751615", "vulnerability": {"vulnId": "CVE-2019-7195", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "2729e1d8-8112-48fe-8d5f-7671a4751615", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: QNAP Photo Station Path Traversal Vulnerability | Affected: QNAP / Photo Station | Description: QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-7195"}, "references": [{"id": "CVE-2019-7195", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-7195"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Photo Station", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "QNAP", "vulnerabilityName": "QNAP Photo Station Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "6853ba36-a422-4583-8a26-6a1540fe83b6", "vulnerability": {"vulnId": "CVE-2018-6065", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "6853ba36-a422-4583-8a26-6a1540fe83b6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Integer Overflow Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains an integer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-6065"}, "references": [{"id": "CVE-2018-6065", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-6065"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-190", "CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Integer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bb0143a3-e487-41a4-953e-e07f27b1793b", "vulnerability": {"vulnId": "CVE-2012-4969", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "bb0143a3-e487-41a4-953e-e07f27b1793b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Use-After-Free Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains a use-after-free vulnerability that allows remote attackers to execute code via a crafted web site. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-4969"}, "references": [{"id": "CVE-2012-4969", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-4969"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "68eb2699-bfa8-4942-8d06-d197267d735c", "vulnerability": {"vulnId": "CVE-2019-15271", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "68eb2699-bfa8-4942-8d06-d197267d735c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability | Affected: Cisco / RV Series Routers | Description: A deserialization of untrusted data vulnerability in the web-based management interface of certain Cisco Small Business RV Series Routers could allow an attacker to execute code with root privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-15271"}, "references": [{"id": "CVE-2019-15271", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-15271"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "RV Series Routers", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Cisco", "vulnerabilityName": "Cisco RV Series Routers Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "34769deb-b6ac-4e4f-a414-60abc6613f29", "vulnerability": {"vulnId": "CVE-2017-5030", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "34769deb-b6ac-4e4f-a414-60abc6613f29", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Memory Corruption Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains a memory corruption vulnerability that allows a remote attacker to execute code via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-5030"}, "references": [{"id": "CVE-2017-5030", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-5030"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-125"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ea878e81-f4da-4316-bcf2-944e7e213a6e", "vulnerability": {"vulnId": "CVE-2019-7194", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "ea878e81-f4da-4316-bcf2-944e7e213a6e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: QNAP Photo Station Path Traversal Vulnerability | Affected: QNAP / Photo Station | Description: QNAP devices running Photo Station contain an external control of file name or path vulnerability allowing remote attackers to access or modify system files. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-7194"}, "references": [{"id": "CVE-2019-7194", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-7194"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Photo Station", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "QNAP", "vulnerabilityName": "QNAP Photo Station Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "876e310b-f22e-437f-8abe-2f4aa537f0bd", "vulnerability": {"vulnId": "CVE-2007-5659", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "876e310b-f22e-437f-8abe-2f4aa537f0bd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Acrobat and Reader Buffer Overflow Vulnerability | Affected: Adobe / Acrobat and Reader | Description: Adobe Acrobat and Reader contain a buffer overflow vulnerability that allows remote attackers to execute code via a PDF file with long arguments to unspecified JavaScript methods. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2007-5659"}, "references": [{"id": "CVE-2007-5659", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2007-5659"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Acrobat and Reader", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Acrobat and Reader Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ea34a231-b4af-41e8-b8a4-2195ae0adeb9", "vulnerability": {"vulnId": "CVE-2016-5198", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "ea34a231-b4af-41e8-b8a4-2195ae0adeb9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Out-of-Bounds Memory Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains an out-of-bounds memory access vulnerability that allows a remote attacker to perform read/write operations, leading to code execution, via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-5198"}, "references": [{"id": "CVE-2016-5198", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-5198"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-125", "CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Out-of-Bounds Memory Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b58c47ee-e188-44ec-893b-def5f799ae34", "vulnerability": {"vulnId": "CVE-2006-2492", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "b58c47ee-e188-44ec-893b-def5f799ae34", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Word Malformed Object Pointer Vulnerability | Affected: Microsoft / Word | Description: Microsoft Word and Microsoft Works Suites contain a malformed object pointer which allows attackers to execute code. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2006-2492"}, "references": [{"id": "CVE-2006-2492", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2006-2492"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-120"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Word", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Word Malformed Object Pointer Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b474154a-33fb-4f16-a28b-9be47ace38cc", "vulnerability": {"vulnId": "CVE-2012-0767", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "b474154a-33fb-4f16-a28b-9be47ace38cc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player contains a XSS vulnerability that allows remote attackers to inject web script or HTML. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-0767"}, "references": [{"id": "CVE-2012-0767", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-0767"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ad4ed46d-f418-4f8e-827d-4d08f13e556a", "vulnerability": {"vulnId": "CVE-2010-1297", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "ad4ed46d-f418-4f8e-827d-4d08f13e556a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Memory Corruption Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-1297"}, "references": [{"id": "CVE-2010-1297", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-1297"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6e0ccb72-b60e-45d0-a7ee-b344950ec6bb", "vulnerability": {"vulnId": "CVE-2017-5070", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "6e0ccb72-b60e-45d0-a7ee-b344950ec6bb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-5070"}, "references": [{"id": "CVE-2017-5070", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-5070"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e9a45c8a-0af1-475b-b2bc-9f62c10c8a20", "vulnerability": {"vulnId": "CVE-2018-17463", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "e9a45c8a-0af1-475b-b2bc-9f62c10c8a20", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Remote Code Execution Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains an unspecified vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-17463"}, "references": [{"id": "CVE-2018-17463", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-17463"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2910c4c7-2ae2-421d-9175-59389aafdfdf", "vulnerability": {"vulnId": "CVE-2019-7192", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "2910c4c7-2ae2-421d-9175-59389aafdfdf", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: QNAP Photo Station Improper Access Control Vulnerability | Affected: QNAP / Photo Station | Description: QNAP NAS devices running Photo Station contain an improper access control vulnerability allowing remote attackers to gain unauthorized access to the system. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-7192"}, "references": [{"id": "CVE-2019-7192", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-7192"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-863"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Photo Station", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "QNAP", "vulnerabilityName": "QNAP Photo Station Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "a693a078-ce98-4a6e-b668-baf0b4e10bc8", "vulnerability": {"vulnId": "CVE-2009-4324", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "a693a078-ce98-4a6e-b668-baf0b4e10bc8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Acrobat and Reader Use-After-Free Vulnerability | Affected: Adobe / Acrobat and Reader | Description: Use-after-free vulnerability in Adobe Acrobat and Reader allows remote attackers to execute code via a crafted PDF file. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2009-4324"}, "references": [{"id": "CVE-2009-4324", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2009-4324"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-399"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Acrobat and Reader", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Acrobat and Reader Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d6778111-a912-4b5d-8da0-b8bdbbe13c7d", "vulnerability": {"vulnId": "CVE-2010-2572", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "d6778111-a912-4b5d-8da0-b8bdbbe13c7d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft PowerPoint Buffer Overflow Vulnerability | Affected: Microsoft / PowerPoint | Description: Microsoft PowerPoint contains a buffer overflow vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-2572"}, "references": [{"id": "CVE-2010-2572", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-2572"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PowerPoint", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft PowerPoint Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a323e16f-6ec3-4658-8bbc-22d565298047", "vulnerability": {"vulnId": "CVE-2009-0557", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "a323e16f-6ec3-4658-8bbc-22d565298047", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Object Record Corruption Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office contains an object record corruption vulnerability that allows remote attackers to execute code via a crafted Excel file with a malformed record object. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2009-0557"}, "references": [{"id": "CVE-2009-0557", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2009-0557"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Object Record Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "757d62d3-e60d-49b9-83fb-14efd417124e", "vulnerability": {"vulnId": "CVE-2018-17480", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "757d62d3-e60d-49b9-83fb-14efd417124e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Out-of-Bounds Write Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-17480"}, "references": [{"id": "CVE-2018-17480", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-17480"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d64bf8ad-cf55-47d4-9223-227beb97ffe5", "vulnerability": {"vulnId": "CVE-2019-7193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "d64bf8ad-cf55-47d4-9223-227beb97ffe5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: QNAP QTS Improper Input Validation Vulnerability | Affected: QNAP / QTS | Description: QNAP QTS contains an improper input validation vulnerability allowing remote attackers to inject code on the system. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-7193"}, "references": [{"id": "CVE-2019-7193", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-7193"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "QTS", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "QNAP", "vulnerabilityName": "QNAP QTS Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "1dd9809b-65c9-45b8-8736-7dda0a1f1dd9", "vulnerability": {"vulnId": "CVE-2012-0151", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "1dd9809b-65c9-45b8-8736-7dda0a1f1dd9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: The Authenticode Signature Verification function in Microsoft Windows (WinVerifyTrust) does not properly validate the digest of a signed portable executable (PE) file, which allows user-assisted remote attackers to execute code. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-0151"}, "references": [{"id": "CVE-2012-0151", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-0151"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Authenticode Signature Verification Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2b6c34ae-42bd-4502-a78e-dd4c51e303e4", "vulnerability": {"vulnId": "CVE-2019-5825", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "2b6c34ae-42bd-4502-a78e-dd4c51e303e4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Out-of-Bounds Write Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-5825"}, "references": [{"id": "CVE-2019-5825", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-5825"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "caecef1f-6fe0-46b6-b5e5-05f568b271c9", "vulnerability": {"vulnId": "CVE-2011-2462", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "caecef1f-6fe0-46b6-b5e5-05f568b271c9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability | Affected: Adobe / Reader and Acrobat | Description: The Universal 3D (U3D) component in Adobe Reader and Acrobat contains a memory corruption vulnerability which could allow remote attackers to execute code or cause denial-of-service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2011-2462"}, "references": [{"id": "CVE-2011-2462", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2011-2462"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Reader and Acrobat", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Reader and Acrobat Universal 3D Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9c60d9c2-b645-4f1f-8a54-7347b00d6d7d", "vulnerability": {"vulnId": "CVE-2009-1862", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "9c60d9c2-b645-4f1f-8a54-7347b00d6d7d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability | Affected: Adobe / Acrobat and Reader, Flash Player | Description: Adobe Acrobat and Reader and Adobe Flash Player allow remote attackers to execute code or cause denial-of-service (DoS). | Required action: For Adobe Acrobat and Reader, apply updates per vendor instructions. For Adobe Flash Player, the impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2009-1862"}, "references": [{"id": "CVE-2009-1862", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2009-1862"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Acrobat and Reader, Flash Player", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Acrobat and Reader, Flash Player Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "91bc88e3-a8e0-4a7a-ae24-e7228e023734", "vulnerability": {"vulnId": "CVE-2013-1331", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "91bc88e3-a8e0-4a7a-ae24-e7228e023734", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Buffer Overflow Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office contains a buffer overflow vulnerability that allows remote attackers to execute code via crafted PNG data in an Office document. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-1331"}, "references": [{"id": "CVE-2013-1331", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-1331"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7f1f75f2-dac7-4a04-b18b-709c35ac4648", "vulnerability": {"vulnId": "CVE-2016-1646", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "7f1f75f2-dac7-4a04-b18b-709c35ac4648", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Out-of-Bounds Read Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains an out-of-bounds read vulnerability that allows a remote attacker to cause a denial of service or possibly have another unspecified impact via crafted JavaScript code. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-1646"}, "references": [{"id": "CVE-2016-1646", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-1646"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Out-of-Bounds Read Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2da60d43-bb1d-4856-aecc-ec425e608feb", "vulnerability": {"vulnId": "CVE-2011-0609", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "2da60d43-bb1d-4856-aecc-ec425e608feb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Unspecified Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player contains an unspecified vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2011-0609"}, "references": [{"id": "CVE-2011-0609", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2011-0609"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "52db44da-1029-4bc2-b4d1-3d99ab515010", "vulnerability": {"vulnId": "CVE-2012-0754", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-08T00:00:00+00:00"}, "gcve": {"object_uuid": "52db44da-1029-4bc2-b4d1-3d99ab515010", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-08T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-08T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Memory Corruption Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-06-22 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-0754"}, "references": [{"id": "CVE-2012-0754", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-0754"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-06-22", "date_added": "2022-06-08", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3919902d-e89d-4ca0-b824-9c9757bfeced", "vulnerability": {"vulnId": "CVE-2022-26134", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-06-02T00:00:00+00:00"}, "gcve": {"object_uuid": "3919902d-e89d-4ca0-b824-9c9757bfeced", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-06-02T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-06-02T00:00:00Z"}, "scope": {"notes": "KEV entry: Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability | Affected: Atlassian / Confluence Server/Data Center | Description: Atlassian Confluence Server and Data Center contain a remote code execution vulnerability that allows for an unauthenticated attacker to perform remote code execution. | Required action: Immediately block all internet traffic to and from affected products AND apply the update per vendor instructions [https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html] OR remove the affected products by the due date on the right. Note: Once the update is successfully deployed, agencies can reassess the internet blocking rules. | Due date: 2022-06-06 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-26134"}, "references": [{"id": "CVE-2022-26134", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-26134"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-917"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Confluence Server/Data Center", "due_date": "2022-06-06", "date_added": "2022-06-02", "vendorProject": "Atlassian", "vulnerabilityName": "Atlassian Confluence Server and Data Center Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "bff49f04-b8fd-4bcb-b5f3-6a874c60c126", "vulnerability": {"vulnId": "CVE-2015-6175", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "bff49f04-b8fd-4bcb-b5f3-6a874c60c126", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Kernel Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: The kernel in Microsoft Windows contains a vulnerability that allows local users to gain privileges via a crafted application. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-6175"}, "references": [{"id": "CVE-2015-6175", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-6175"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "02d5c2d6-7ae9-493b-bd43-33483764c1d5", "vulnerability": {"vulnId": "CVE-2015-0016", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "02d5c2d6-7ae9-493b-bd43-33483764c1d5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows TS WebProxy Directory Traversal Vulnerability | Affected: Microsoft / Windows | Description: Directory traversal vulnerability in the TS WebProxy (TSWbPrxy) component in Microsoft Windows allows remote attackers to escalate privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-0016"}, "references": [{"id": "CVE-2015-0016", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-0016"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows TS WebProxy Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "14a9a96d-0445-4ec1-849f-dd658b3c2d13", "vulnerability": {"vulnId": "CVE-2013-3896", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "14a9a96d-0445-4ec1-849f-dd658b3c2d13", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Silverlight Information Disclosure Vulnerability | Affected: Microsoft / Silverlight | Description: Microsoft Silverlight does not properly validate pointers during access to Silverlight elements, which allows remote attackers to obtain sensitive information via a crafted Silverlight application. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-3896"}, "references": [{"id": "CVE-2013-3896", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-3896"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Silverlight", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Silverlight Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c3e2b2f7-c5eb-4200-a539-d74075a0395f", "vulnerability": {"vulnId": "CVE-2014-0546", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "c3e2b2f7-c5eb-4200-a539-d74075a0395f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Reader and Acrobat Sandbox Bypass Vulnerability | Affected: Adobe / Reader and Acrobat | Description: Adobe Reader and Acrobat on Windows allow attackers to bypass a sandbox protection mechanism, and consequently execute native code in a privileged context. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-0546"}, "references": [{"id": "CVE-2014-0546", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-0546"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Reader and Acrobat", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Reader and Acrobat Sandbox Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f3229c17-fd8a-4bb6-aa3e-ea5ea18f9752", "vulnerability": {"vulnId": "CVE-2015-8651", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "f3229c17-fd8a-4bb6-aa3e-ea5ea18f9752", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Integer Overflow Vulnerability | Affected: Adobe / Flash Player | Description: Integer overflow in Adobe Flash Player allows attackers to execute code. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-8651"}, "references": [{"id": "CVE-2015-8651", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-8651"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-189"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Integer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f0cb9d27-acd9-4848-84cd-2e72c7b1b24a", "vulnerability": {"vulnId": "CVE-2013-0074", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "f0cb9d27-acd9-4848-84cd-2e72c7b1b24a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Silverlight Double Dereference Vulnerability | Affected: Microsoft / Silverlight | Description: Microsoft Silverlight does not properly validate pointers during HTML object rendering, which allows remote attackers to execute code via a crafted Silverlight application. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-0074"}, "references": [{"id": "CVE-2013-0074", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-0074"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Silverlight", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Silverlight Double Dereference Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "23ec58f6-2a56-4603-b802-53611e84e63c", "vulnerability": {"vulnId": "CVE-2013-2423", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "23ec58f6-2a56-4603-b802-53611e84e63c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle JRE Unspecified Vulnerability | Affected: Oracle / Java Runtime Environment (JRE) | Description: Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-2423"}, "references": [{"id": "CVE-2013-2423", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-2423"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Java Runtime Environment (JRE)", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Oracle", "vulnerabilityName": "Oracle JRE Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "24c5526f-ef99-463a-b27a-7592136ec1f1", "vulnerability": {"vulnId": "CVE-2013-0431", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "24c5526f-ef99-463a-b27a-7592136ec1f1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle JRE Sandbox Bypass Vulnerability | Affected: Oracle / Java Runtime Environment (JRE) | Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-0431"}, "references": [{"id": "CVE-2013-0431", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-0431"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Java Runtime Environment (JRE)", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Oracle", "vulnerabilityName": "Oracle JRE Sandbox Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "2ade71e4-3ee7-4f88-a41e-ec859d616255", "vulnerability": {"vulnId": "CVE-2015-0310", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "2ade71e4-3ee7-4f88-a41e-ec859d616255", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player ASLR Bypass Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player does not properly restrict discovery of memory addresses, which allows attackers to bypass the address space layout randomization (ASLR) protection mechanism. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-0310"}, "references": [{"id": "CVE-2015-0310", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-0310"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player ASLR Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e6f17a8e-76ff-431b-baa7-f512a2936957", "vulnerability": {"vulnId": "CVE-2014-4077", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "e6f17a8e-76ff-431b-baa7-f512a2936957", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft IME Japanese Privilege Escalation Vulnerability | Affected: Microsoft / Input Method Editor (IME) Japanese | Description: Microsoft Input Method Editor (IME) Japanese is a keyboard with Japanese characters that can be enabled on Windows systems as it is included by default (with the default set as disabled). IME Japanese contains an unspecified vulnerability when IMJPDCT.EXE (IME for Japanese) is installed which allows attackers to bypass a sandbox and perform privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-4077"}, "references": [{"id": "CVE-2014-4077", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-4077"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Input Method Editor (IME) Japanese", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft IME Japanese Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e18c0c1a-4103-40a5-8c1b-c9823c34ea07", "vulnerability": {"vulnId": "CVE-2014-2817", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "e18c0c1a-4103-40a5-8c1b-c9823c34ea07", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Privilege Escalation Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-2817"}, "references": [{"id": "CVE-2014-2817", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-2817"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "34d3a85b-b6bc-488e-ac59-d2a59bdbbc8d", "vulnerability": {"vulnId": "CVE-2013-0422", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "34d3a85b-b6bc-488e-ac59-d2a59bdbbc8d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle JRE Remote Code Execution Vulnerability | Affected: Oracle / Java Runtime Environment (JRE) | Description: A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-0422"}, "references": [{"id": "CVE-2013-0422", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-0422"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Java Runtime Environment (JRE)", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Oracle", "vulnerabilityName": "Oracle JRE Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "debbacec-3493-4ad3-88e4-cfa2a4d6ad1b", "vulnerability": {"vulnId": "CVE-2010-1428", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "debbacec-3493-4ad3-88e4-cfa2a4d6ad1b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Red Hat JBoss Information Disclosure Vulnerability | Affected: Red Hat / JBoss | Description: Unauthenticated access to the JBoss Application Server Web Console (/web-console) is blocked by default. However, it was found that this block was incomplete, and only blocked GET and POST HTTP verbs. A remote attacker could use this flaw to gain access to sensitive information. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-1428"}, "references": [{"id": "CVE-2010-1428", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-1428"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "JBoss", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Red Hat", "vulnerabilityName": "Red Hat JBoss Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "3c2ede6e-269f-4aba-8713-97e1966f9f8a", "vulnerability": {"vulnId": "CVE-2014-3153", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "3c2ede6e-269f-4aba-8713-97e1966f9f8a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Privilege Escalation Vulnerability | Affected: Linux / Kernel | Description: The futex_requeue function in kernel/futex.c in Linux kernel does not ensure that calls have two different futex addresses, which allows local users to gain privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-3153"}, "references": [{"id": "CVE-2014-3153", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-3153"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "dc540285-ed9b-4775-a0ce-17acab9c2457", "vulnerability": {"vulnId": "CVE-2019-3010", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "dc540285-ed9b-4775-a0ce-17acab9c2457", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Solaris Privilege Escalation Vulnerability | Affected: Oracle / Solaris | Description: Oracle Solaris component: XScreenSaver contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-3010"}, "references": [{"id": "CVE-2019-3010", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-3010"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Solaris", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Solaris Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d69d5bfc-e5a8-4c22-aad2-e91e286bbfa0", "vulnerability": {"vulnId": "CVE-2010-0738", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "d69d5bfc-e5a8-4c22-aad2-e91e286bbfa0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Red Hat JBoss Authentication Bypass Vulnerability | Affected: Red Hat / JBoss | Description: The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-0738"}, "references": [{"id": "CVE-2010-0738", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-0738"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "JBoss", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Red Hat", "vulnerabilityName": "Red Hat JBoss Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "4a2aa8fb-2533-4de7-b11c-b25b11dcac54", "vulnerability": {"vulnId": "CVE-2010-0840", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "4a2aa8fb-2533-4de7-b11c-b25b11dcac54", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle JRE Unspecified Vulnerability | Affected: Oracle / Java Runtime Environment (JRE) | Description: Unspecified vulnerability in the Java Runtime Environment (JRE) in Java SE component allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-0840"}, "references": [{"id": "CVE-2010-0840", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-0840"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Java Runtime Environment (JRE)", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Oracle", "vulnerabilityName": "Oracle JRE Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "cef62f9d-85b1-4b61-8ee0-40811c916a09", "vulnerability": {"vulnId": "CVE-2013-3993", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "cef62f9d-85b1-4b61-8ee0-40811c916a09", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: IBM InfoSphere BigInsights Invalid Input Vulnerability | Affected: IBM / InfoSphere BigInsights | Description: Certain APIs within BigInsights can take invalid input that might allow attackers unauthorized access to read, write, modify, or delete data. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-3993"}, "references": [{"id": "CVE-2013-3993", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-3993"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "InfoSphere BigInsights", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "IBM", "vulnerabilityName": "IBM InfoSphere BigInsights Invalid Input Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "c9cac025-0bfa-4bb5-b6f9-cb06eb857568", "vulnerability": {"vulnId": "CVE-2014-8439", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "c9cac025-0bfa-4bb5-b6f9-cb06eb857568", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Dereferenced Pointer Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player has a vulnerability in the way it handles a dereferenced memory pointer which could lead to code execution. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-8439"}, "references": [{"id": "CVE-2014-8439", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-8439"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Dereferenced Pointer Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c202b7a2-b54d-44f2-bad7-60ae3cfd48ff", "vulnerability": {"vulnId": "CVE-2015-1671", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "c202b7a2-b54d-44f2-bad7-60ae3cfd48ff", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: A remote code execution vulnerability exists when components of Windows, .NET Framework, Office, Lync, and Silverlight fail to properly handle TrueType fonts. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-1671"}, "references": [{"id": "CVE-2015-1671", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-1671"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-19"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2ab0aa9e-4103-4f16-ad01-0d52360f74b1", "vulnerability": {"vulnId": "CVE-2014-4148", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "2ab0aa9e-4103-4f16-ad01-0d52360f74b1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: A remote code execution vulnerability exists when the Windows kernel-mode driver improperly handles TrueType fonts. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-4148"}, "references": [{"id": "CVE-2014-4148", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-4148"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "89ae0581-e78b-476e-878e-3ed858cde5e9", "vulnerability": {"vulnId": "CVE-2015-2360", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "89ae0581-e78b-476e-878e-3ed858cde5e9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Win32k.sys in the kernel-mode drivers in Microsoft Windows allows local users to gain privileges or cause denial-of-service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-2360"}, "references": [{"id": "CVE-2015-2360", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-2360"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "16386586-390a-47fb-923d-7f961dc379b3", "vulnerability": {"vulnId": "CVE-2016-1010", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "16386586-390a-47fb-923d-7f961dc379b3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player and AIR Integer Overflow Vulnerability | Affected: Adobe / Flash Player and AIR | Description: Integer overflow vulnerability in Adobe Flash Player and AIR allows attackers to execute code. | Required action: The impacted products are end-of-life and should be disconnected if still in use. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-1010"}, "references": [{"id": "CVE-2016-1010", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-1010"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-190"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player and AIR", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player and AIR Integer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "302e440c-39c4-4bee-a50e-be4909c790bf", "vulnerability": {"vulnId": "CVE-2015-2425", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "302e440c-39c4-4bee-a50e-be4909c790bf", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause denial-of-service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-2425"}, "references": [{"id": "CVE-2015-2425", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-2425"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2c88b0ec-2c7f-4b43-a287-40f59af2c2bc", "vulnerability": {"vulnId": "CVE-2013-7331", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "2c88b0ec-2c7f-4b43-a287-40f59af2c2bc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Information Disclosure Vulnerability | Affected: Microsoft / Internet Explorer | Description: An information disclosure vulnerability exists in Internet Explorer which allows resources loaded into memory to be queried. This vulnerability could allow an attacker to detect anti-malware applications. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-7331"}, "references": [{"id": "CVE-2013-7331", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-7331"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "acd116fc-5cd1-4a3c-8753-15d7951f218a", "vulnerability": {"vulnId": "CVE-2016-3393", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "acd116fc-5cd1-4a3c-8753-15d7951f218a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: A remote code execution vulnerability exists due to the way the Windows GDI component handles objects in the memory. An attacker who successfully exploits this vulnerability could take control of the affected system. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-3393"}, "references": [{"id": "CVE-2016-3393", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-3393"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Graphics Device Interface (GDI) Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6f1e265c-a4fe-4d36-adfa-61cb018e11d8", "vulnerability": {"vulnId": "CVE-2015-1769", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "6f1e265c-a4fe-4d36-adfa-61cb018e11d8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Mount Manager Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: A privilege escalation vulnerability exists when the Windows Mount Manager component improperly processes symbolic links. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-1769"}, "references": [{"id": "CVE-2015-1769", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-1769"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Mount Manager Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6fc7225e-d6ea-4211-8e7c-01d2f29dfafa", "vulnerability": {"vulnId": "CVE-2016-0984", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "6fc7225e-d6ea-4211-8e7c-01d2f29dfafa", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player and AIR Use-After-Free Vulnerability | Affected: Adobe / Flash Player and AIR | Description: Use-after-free vulnerability in Adobe Flash Player and Adobe AIR allows attackers to execute code. | Required action: The impacted products are end-of-life and should be disconnected if still in use. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-0984"}, "references": [{"id": "CVE-2016-0984", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-0984"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player and AIR", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player and AIR Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a3f8b855-934c-4a02-8e40-ab506d1f6450", "vulnerability": {"vulnId": "CVE-2016-7256", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "a3f8b855-934c-4a02-8e40-ab506d1f6450", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Open Type Font Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: A remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-7256"}, "references": [{"id": "CVE-2016-7256", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-7256"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Open Type Font Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "765d4505-c038-4d19-862d-287e0f5fa1c2", "vulnerability": {"vulnId": "CVE-2012-1710", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "765d4505-c038-4d19-862d-287e0f5fa1c2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Fusion Middleware Unspecified Vulnerability | Affected: Oracle / Fusion Middleware | Description: Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Designer. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-1710"}, "references": [{"id": "CVE-2012-1710", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-1710"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Fusion Middleware", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Fusion Middleware Unspecified Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "9e8bba56-c22b-4600-b718-221493e4d43a", "vulnerability": {"vulnId": "CVE-2015-0071", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "9e8bba56-c22b-4600-b718-221493e4d43a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer ASLR Bypass Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer allows remote attackers to bypass the address space layout randomization (ASLR) protection mechanism via a crafted web site. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-0071"}, "references": [{"id": "CVE-2015-0071", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-0071"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer ASLR Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7662ad31-cb41-40c9-943c-89faf6bd438c", "vulnerability": {"vulnId": "CVE-2014-4123", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "7662ad31-cb41-40c9-943c-89faf6bd438c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Privilege Escalation Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains an unspecified vulnerability that allows remote attackers to gain privileges via a crafted web site. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-4123"}, "references": [{"id": "CVE-2014-4123", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-4123"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "776c169f-47cd-4ddf-ad60-90d23dc87d36", "vulnerability": {"vulnId": "CVE-2015-4495", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "776c169f-47cd-4ddf-ad60-90d23dc87d36", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Mozilla Firefox Security Feature Bypass Vulnerability | Affected: Mozilla / Firefox | Description: Mozilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-4495"}, "references": [{"id": "CVE-2015-4495", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-4495"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firefox", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Mozilla", "vulnerabilityName": "Mozilla Firefox Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8f472a7b-5c9d-4d43-8fe2-475766826b29", "vulnerability": {"vulnId": "CVE-2016-0034", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-25T00:00:00+00:00"}, "gcve": {"object_uuid": "8f472a7b-5c9d-4d43-8fe2-475766826b29", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Silverlight Runtime Remote Code Execution Vulnerability | Affected: Microsoft / Silverlight | Description: Microsoft Silverlight mishandles negative offsets during decoding, which allows attackers to execute remote code or cause a denial-of-service (DoS). | Required action: The impacted products are end-of-life and should be disconnected if still in use. | Due date: 2022-06-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-0034"}, "references": [{"id": "CVE-2016-0034", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-0034"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Silverlight", "due_date": "2022-06-15", "date_added": "2022-05-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Silverlight Runtime Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "33d11f8c-d2fc-4463-8571-d590f55ce540", "vulnerability": {"vulnId": "CVE-2018-19953", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "33d11f8c-d2fc-4463-8571-d590f55ce540", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: QNAP NAS File Station Cross-Site Scripting Vulnerability | Affected: QNAP / Network Attached Storage (NAS) | Description: A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-19953"}, "references": [{"id": "CVE-2018-19953", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-19953"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79", "CWE-80"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Network Attached Storage (NAS)", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "QNAP", "vulnerabilityName": "QNAP NAS File Station Cross-Site Scripting Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "801d5501-482e-4bc9-ab25-df1fa8e38e48", "vulnerability": {"vulnId": "CVE-2016-6367", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "801d5501-482e-4bc9-ab25-df1fa8e38e48", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability | Affected: Cisco / Adaptive Security Appliance (ASA) | Description: A vulnerability in the command-line interface (CLI) parser of Cisco ASA software could allow an authenticated, local attacker to create a denial-of-service (DoS) condition or potentially execute code. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-6367"}, "references": [{"id": "CVE-2016-6367", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-6367"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Adaptive Security Appliance (ASA)", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Adaptive Security Appliance (ASA) CLI Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "71112a57-f643-4a34-8cc9-6edbbe50ade3", "vulnerability": {"vulnId": "CVE-2017-0147", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "71112a57-f643-4a34-8cc9-6edbbe50ade3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows SMBv1 Information Disclosure Vulnerability | Affected: Microsoft / SMBv1 server | Description: The SMBv1 server in Microsoft Windows allows remote attackers to obtain sensitive information from process memory via a crafted packet. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0147"}, "references": [{"id": "CVE-2017-0147", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0147"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SMBv1 server", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows SMBv1 Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "0aa05148-f0c5-4c46-9076-bd6f5418aaff", "vulnerability": {"vulnId": "CVE-2016-4655", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "0aa05148-f0c5-4c46-9076-bd6f5418aaff", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS Information Disclosure Vulnerability | Affected: Apple / iOS | Description: The Apple iOS kernel allows attackers to obtain sensitive information from memory via a crafted application. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-4655"}, "references": [{"id": "CVE-2016-4655", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-4655"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b5570b14-4cfa-4383-9e41-31f4a0548497", "vulnerability": {"vulnId": "CVE-2016-0162", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "b5570b14-4cfa-4383-9e41-31f4a0548497", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Information Disclosure Vulnerability | Affected: Microsoft / Internet Explorer | Description: An information disclosure vulnerability exists when Internet Explorer does not properly handle JavaScript. The vulnerability could allow an attacker to detect specific files on the user's computer. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-0162"}, "references": [{"id": "CVE-2016-0162", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-0162"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b983b171-cb0e-4a06-9d35-bfc47d53b847", "vulnerability": {"vulnId": "CVE-2017-0005", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "b983b171-cb0e-4a06-9d35-bfc47d53b847", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: The Graphics Device Interface (GDI) in Microsoft Windows allows local users to gain privileges via a crafted application. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0005"}, "references": [{"id": "CVE-2017-0005", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0005"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Graphics Device Interface (GDI) Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5577bc8b-3831-4312-9f57-0812655cbee5", "vulnerability": {"vulnId": "CVE-2016-6366", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "5577bc8b-3831-4312-9f57-0812655cbee5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability | Affected: Cisco / Adaptive Security Appliance (ASA) | Description: A buffer overflow vulnerability in the Simple Network Management Protocol (SNMP) code of Cisco ASA software could allow an attacker to cause a reload of the affected system or to remotely execute code. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-6366"}, "references": [{"id": "CVE-2016-6366", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-6366"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Adaptive Security Appliance (ASA)", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Adaptive Security Appliance (ASA) SNMP Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "550afef6-85da-4a2a-8954-239e2dfcf470", "vulnerability": {"vulnId": "CVE-2016-4656", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "550afef6-85da-4a2a-8954-239e2dfcf470", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS Memory Corruption Vulnerability | Affected: Apple / iOS | Description: A memory corruption vulnerability in Apple iOS kernel allows attackers to execute code in a privileged context or cause a denial-of-service (DoS) via a crafted application. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-4656"}, "references": [{"id": "CVE-2016-4656", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-4656"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d33a3ebb-bcc1-4a0f-a233-c26c9146adeb", "vulnerability": {"vulnId": "CVE-2016-4657", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "d33a3ebb-bcc1-4a0f-a233-c26c9146adeb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS Webkit Memory Corruption Vulnerability | Affected: Apple / iOS | Description: Apple iOS WebKit contains a memory corruption vulnerability that allows attackers to execute remote code or cause a denial-of-service (DoS) via a crafted web site. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-4657"}, "references": [{"id": "CVE-2016-4657", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-4657"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS Webkit Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e002f22c-e76d-4357-9a8a-be3bf67e2d10", "vulnerability": {"vulnId": "CVE-2017-0022", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "e002f22c-e76d-4357-9a8a-be3bf67e2d10", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft XML Core Services Information Disclosure Vulnerability | Affected: Microsoft / XML Core Services | Description: Microsoft XML Core Services (MSXML) improperly handles objects in memory, allowing attackers to test for files on disk via a crafted web site. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0022"}, "references": [{"id": "CVE-2017-0022", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0022"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "XML Core Services", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft XML Core Services Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "334acbde-5585-47d7-928f-067adc718955", "vulnerability": {"vulnId": "CVE-2017-18362", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "334acbde-5585-47d7-928f-067adc718955", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Kaseya VSA SQL Injection Vulnerability | Affected: Kaseya / Virtual System/Server Administrator (VSA) | Description: ConnectWise ManagedITSync integration for Kaseya VSA is vulnerable to unauthenticated remote commands that allow full direct access to the Kaseya VSA database. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-18362"}, "references": [{"id": "CVE-2017-18362", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-18362"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Virtual System/Server Administrator (VSA)", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "Kaseya", "vulnerabilityName": "Kaseya VSA SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "e40ddf69-1324-4b84-9111-f8f00def48e1", "vulnerability": {"vulnId": "CVE-2018-19949", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "e40ddf69-1324-4b84-9111-f8f00def48e1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: QNAP NAS File Station Command Injection Vulnerability | Affected: QNAP / Network Attached Storage (NAS) | Description: A command injection vulnerability affecting QNAP NAS File Station could allow remote attackers to run commands. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-19949"}, "references": [{"id": "CVE-2018-19949", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-19949"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-77", "CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Network Attached Storage (NAS)", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "QNAP", "vulnerabilityName": "QNAP NAS File Station Command Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "275bab00-85db-48de-961e-a15bd90ce0f3", "vulnerability": {"vulnId": "CVE-2018-19943", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "275bab00-85db-48de-961e-a15bd90ce0f3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: QNAP NAS File Station Cross-Site Scripting Vulnerability | Affected: QNAP / Network Attached Storage (NAS) | Description: A cross-site scripting vulnerability affecting QNAP NAS File Station could allow remote attackers to inject malicious code. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-19943"}, "references": [{"id": "CVE-2018-19943", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-19943"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79", "CWE-80"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Network Attached Storage (NAS)", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "QNAP", "vulnerabilityName": "QNAP NAS File Station Cross-Site Scripting Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "1dd8022d-7a4a-4e13-b3ef-595f1404c38d", "vulnerability": {"vulnId": "CVE-2017-0149", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "1dd8022d-7a4a-4e13-b3ef-595f1404c38d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code or cause a denial-of-service (DoS) via a crafted website. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0149"}, "references": [{"id": "CVE-2017-0149", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0149"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "17d5ef71-7faa-408d-a406-4370e10d6fcf", "vulnerability": {"vulnId": "CVE-2018-8611", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "17d5ef71-7faa-408d-a406-4370e10d6fcf", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Kernel Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-8611"}, "references": [{"id": "CVE-2018-8611", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8611"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-404"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0f41d338-183f-4dd2-81bc-3a5bf904271a", "vulnerability": {"vulnId": "CVE-2017-8543", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "0f41d338-183f-4dd2-81bc-3a5bf904271a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Search Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows allows an attacker to take control of the affected system when Windows Search fails to handle objects in memory. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-8543"}, "references": [{"id": "CVE-2017-8543", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-8543"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-281"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Search Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0f2d5cb8-2c2a-4094-8dbb-71853cf0a7b1", "vulnerability": {"vulnId": "CVE-2016-3298", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "0f2d5cb8-2c2a-4094-8dbb-71853cf0a7b1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability | Affected: Microsoft / Internet Explorer | Description: An information disclosure vulnerability exists when the Microsoft Internet Messaging API improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-3298"}, "references": [{"id": "CVE-2016-3298", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-3298"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Messaging API Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fc46f1e7-80e5-477d-8ce1-4ebb2543405f", "vulnerability": {"vulnId": "CVE-2017-8291", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "fc46f1e7-80e5-477d-8ce1-4ebb2543405f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Artifex Ghostscript Type Confusion Vulnerability | Affected: Artifex / Ghostscript | Description: Artifex Ghostscript allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a \"/OutputFile. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-8291"}, "references": [{"id": "CVE-2017-8291", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-8291"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-704"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Ghostscript", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "Artifex", "vulnerabilityName": "Artifex Ghostscript Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0408d7da-bf36-4ed3-8275-31cea2a7a2a9", "vulnerability": {"vulnId": "CVE-2017-0210", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "0408d7da-bf36-4ed3-8275-31cea2a7a2a9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Privilege Escalation Vulnerability | Affected: Microsoft / Internet Explorer | Description: A privilege escalation vulnerability exists when Internet Explorer does not properly enforce cross-domain policies, which could allow an attacker to access information. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0210"}, "references": [{"id": "CVE-2017-0210", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0210"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fe549506-0694-4d56-991f-52255778dc8a", "vulnerability": {"vulnId": "CVE-2016-3351", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-24T00:00:00+00:00"}, "gcve": {"object_uuid": "fe549506-0694-4d56-991f-52255778dc8a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-24T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-24T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer and Edge Information Disclosure Vulnerability | Affected: Microsoft / Internet Explorer and Edge | Description: An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-14 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-3351"}, "references": [{"id": "CVE-2016-3351", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-3351"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer and Edge", "due_date": "2022-06-14", "date_added": "2022-05-24", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer and Edge Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "26a4c008-3b4d-4f01-ac92-0fa40e9fd5a7", "vulnerability": {"vulnId": "CVE-2020-1027", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "26a4c008-3b4d-4f01-ac92-0fa40e9fd5a7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Kernel Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-1027"}, "references": [{"id": "CVE-2020-1027", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-1027"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a45f3034-7fa4-41c8-b53d-296ff8185538", "vulnerability": {"vulnId": "CVE-2019-13720", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "a45f3034-7fa4-41c8-b53d-296ff8185538", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chrome WebAudio Use-After-Free Vulnerability | Affected: Google / Chrome WebAudio | Description: Google Chrome WebAudio contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-13720"}, "references": [{"id": "CVE-2019-13720", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-13720"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chrome WebAudio", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Google", "vulnerabilityName": "Google Chrome WebAudio Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ff9f66ad-a881-44f7-a5a9-527a79e036ec", "vulnerability": {"vulnId": "CVE-2019-11708", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "ff9f66ad-a881-44f7-a5a9-527a79e036ec", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability | Affected: Mozilla / Firefox and Thunderbird | Description: Mozilla Firefox and Thunderbird contain a sandbox escape vulnerability that could result in remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-11708"}, "references": [{"id": "CVE-2019-11708", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-11708"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firefox and Thunderbird", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Mozilla", "vulnerabilityName": "Mozilla Firefox and Thunderbird Sandbox Escape Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3b502346-2fd6-4b79-9c5b-ccc0bdd779cc", "vulnerability": {"vulnId": "CVE-2019-7287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "3b502346-2fd6-4b79-9c5b-ccc0bdd779cc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS Memory Corruption Vulnerability | Affected: Apple / iOS | Description: Apple iOS contains a memory corruption vulnerability which could allow an attacker to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-7287"}, "references": [{"id": "CVE-2019-7287", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-7287"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a9bd3b42-e6ab-4de1-8deb-79cd3bba82cd", "vulnerability": {"vulnId": "CVE-2021-1048", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "a9bd3b42-e6ab-4de1-8deb-79cd3bba82cd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Android Kernel Use-After-Free Vulnerability | Affected: Android / Kernel | Description: Android kernel contains a use-after-free vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-1048"}, "references": [{"id": "CVE-2021-1048", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1048"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Android", "vulnerabilityName": "Android Kernel Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6f30cc3e-0425-43fe-9199-65951f3291da", "vulnerability": {"vulnId": "CVE-2018-8589", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "6f30cc3e-0425-43fe-9199-65951f3291da", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: A privilege escalation vulnerability exists when Windows improperly handles calls to Win32k.sys. An attacker who successfully exploited this vulnerability could run remote code in the security context of the local system. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-8589"}, "references": [{"id": "CVE-2018-8589", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8589"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "30f82b5a-8123-48da-b33d-ad5717fcf612", "vulnerability": {"vulnId": "CVE-2019-11707", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "30f82b5a-8123-48da-b33d-ad5717fcf612", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Mozilla Firefox and Thunderbird Type Confusion Vulnerability | Affected: Mozilla / Firefox and Thunderbird | Description: Mozilla Firefox and Thunderbird contain a type confusion vulnerability that can occur when manipulating JavaScript objects due to issues in Array.pop, allowing for an exploitable crash. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-11707"}, "references": [{"id": "CVE-2019-11707", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-11707"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firefox and Thunderbird", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Mozilla", "vulnerabilityName": "Mozilla Firefox and Thunderbird Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "aca4105f-70af-4749-9b5f-a0d2d54c9eab", "vulnerability": {"vulnId": "CVE-2019-8720", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "aca4105f-70af-4749-9b5f-a0d2d54c9eab", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: WebKitGTK Memory Corruption Vulnerability | Affected: WebKitGTK / WebKitGTK | Description: WebKitGTK contains a memory corruption vulnerability which can allow an attacker to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-8720"}, "references": [{"id": "CVE-2019-8720", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-8720"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WebKitGTK", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "WebKitGTK", "vulnerabilityName": "WebKitGTK Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ab4ac466-8a55-4c55-9b57-8caa60ccde14", "vulnerability": {"vulnId": "CVE-2019-5786", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "ab4ac466-8a55-4c55-9b57-8caa60ccde14", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chrome Blink Use-After-Free Vulnerability | Affected: Google / Chrome Blink | Description: Google Chrome Blink contains a heap use-after-free vulnerability that allows an attacker to potentially perform out of bounds memory access via a crafted HTML page. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-5786"}, "references": [{"id": "CVE-2019-5786", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-5786"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chrome Blink", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Google", "vulnerabilityName": "Google Chrome Blink Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bfb8f0ed-30fd-4281-aa15-5f46555011ef", "vulnerability": {"vulnId": "CVE-2022-20821", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "bfb8f0ed-30fd-4281-aa15-5f46555011ef", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS XR Open Port Vulnerability | Affected: Cisco / IOS XR | Description: Cisco IOS XR software health check opens TCP port 6379 by default on activation. An attacker can connect to the Redis instance on the open port and allow access to the Redis instance that is running within the NOSi container. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-20821"}, "references": [{"id": "CVE-2022-20821", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-20821"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-923"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS XR", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS XR Open Port Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a6aac6cb-a7d8-44f1-aa6b-024e61ec91fc", "vulnerability": {"vulnId": "CVE-2019-0880", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "a6aac6cb-a7d8-44f1-aa6b-024e61ec91fc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls. An attacker who successfully exploited the vulnerability could elevate privileges on an affected system from low-integrity to medium-integrity. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-0880"}, "references": [{"id": "CVE-2019-0880", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0880"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3d540a2f-08fd-4967-b3da-4b4d1dcf0c12", "vulnerability": {"vulnId": "CVE-2019-0676", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "3d540a2f-08fd-4967-b3da-4b4d1dcf0c12", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Information Disclosure Vulnerability | Affected: Microsoft / Internet Explorer | Description: An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory. An attacker who successfully exploited this vulnerability could test for the presence of files on disk. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-0676"}, "references": [{"id": "CVE-2019-0676", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0676"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4988582a-8313-45f7-8238-aae9b9c7906b", "vulnerability": {"vulnId": "CVE-2019-7286", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "4988582a-8313-45f7-8238-aae9b9c7906b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Memory Corruption Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-7286"}, "references": [{"id": "CVE-2019-7286", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-7286"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "26e2166a-0337-4896-ac67-b4a6ffe47c54", "vulnerability": {"vulnId": "CVE-2020-0638", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "26e2166a-0337-4896-ac67-b4a6ffe47c54", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Update Notification Manager Privilege Escalation Vulnerability | Affected: Microsoft / Update Notification Manager | Description: Microsoft Update Notification Manager contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-0638"}, "references": [{"id": "CVE-2020-0638", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-0638"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Update Notification Manager", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Update Notification Manager Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "fbd1b775-5bcb-4adf-a1f5-0b4f3132d7ec", "vulnerability": {"vulnId": "CVE-2019-1385", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "fbd1b775-5bcb-4adf-a1f5-0b4f3132d7ec", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: A privilege escalation vulnerability exists when the Windows AppX Deployment Extensions improperly performs privilege management, resulting in access to system files. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1385"}, "references": [{"id": "CVE-2019-1385", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1385"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-59"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows AppX Deployment Extensions Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "08cee58f-7807-4117-b9bf-4fbf3ead4215", "vulnerability": {"vulnId": "CVE-2021-0920", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "08cee58f-7807-4117-b9bf-4fbf3ead4215", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Android Kernel Race Condition Vulnerability | Affected: Android / Kernel | Description: Android kernel contains a race condition, which allows for a use-after-free vulnerability. Exploitation can allow for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-0920"}, "references": [{"id": "CVE-2021-0920", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-0920"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-362", "CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Android", "vulnerabilityName": "Android Kernel Race Condition Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "65af3102-ff6d-4dc6-b2e2-ec88f5b22e33", "vulnerability": {"vulnId": "CVE-2019-18426", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "65af3102-ff6d-4dc6-b2e2-ec88f5b22e33", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: WhatsApp Cross-Site Scripting Vulnerability | Affected: Meta Platforms / WhatsApp | Description: A vulnerability in WhatsApp Desktop when paired with WhatsApp for iPhone allows cross-site scripting and local file reading. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-18426"}, "references": [{"id": "CVE-2019-18426", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-18426"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WhatsApp", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Meta Platforms", "vulnerabilityName": "WhatsApp Cross-Site Scripting Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "95193073-8962-4a89-9d6f-9eabfda1e5b0", "vulnerability": {"vulnId": "CVE-2021-30883", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "95193073-8962-4a89-9d6f-9eabfda1e5b0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Memory Corruption Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30883"}, "references": [{"id": "CVE-2021-30883", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30883"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "46c50235-e7d9-44fa-a925-f2d69e581a9a", "vulnerability": {"vulnId": "CVE-2019-1130", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "46c50235-e7d9-44fa-a925-f2d69e581a9a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: A privilege escalation vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1130"}, "references": [{"id": "CVE-2019-1130", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1130"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-59"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows AppX Deployment Service Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "2dab8983-352b-47c4-992b-78d5a9647b88", "vulnerability": {"vulnId": "CVE-2018-5002", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "2dab8983-352b-47c4-992b-78d5a9647b88", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Stack-based Buffer Overflow Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player has a stack-based buffer overflow vulnerability that could lead to remote code execution. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-5002"}, "references": [{"id": "CVE-2018-5002", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-5002"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Stack-based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "27da08c6-38c2-45b8-9186-c1122671d968", "vulnerability": {"vulnId": "CVE-2019-0703", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-23T00:00:00+00:00"}, "gcve": {"object_uuid": "27da08c6-38c2-45b8-9186-c1122671d968", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-23T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-23T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows SMB Information Disclosure Vulnerability | Affected: Microsoft / Windows | Description: An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, which could lead to information disclosure from the server. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-13 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-0703"}, "references": [{"id": "CVE-2019-0703", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0703"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-06-13", "date_added": "2022-05-23", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows SMB Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4d081038-c409-4d67-94e4-67c87ad27f09", "vulnerability": {"vulnId": "CVE-2022-22947", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-16T00:00:00+00:00"}, "gcve": {"object_uuid": "4d081038-c409-4d67-94e4-67c87ad27f09", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-16T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware Spring Cloud Gateway Code Injection Vulnerability | Affected: VMware / Spring Cloud Gateway | Description: Spring Cloud Gateway applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-22947"}, "references": [{"id": "CVE-2022-22947", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22947"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Spring Cloud Gateway", "due_date": "2022-06-06", "date_added": "2022-05-16", "vendorProject": "VMware", "vulnerabilityName": "VMware Spring Cloud Gateway Code Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "61588b46-2261-4993-95c9-ddc2c50c1b42", "vulnerability": {"vulnId": "CVE-2022-30525", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-16T00:00:00+00:00"}, "gcve": {"object_uuid": "61588b46-2261-4993-95c9-ddc2c50c1b42", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-16T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-16T00:00:00Z"}, "scope": {"notes": "KEV entry: Zyxel Multiple Firewalls OS Command Injection Vulnerability | Affected: Zyxel / Multiple Firewalls | Description: A command injection vulnerability in the CGI program of some Zyxel firewall versions could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-30525"}, "references": [{"id": "CVE-2022-30525", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-30525"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Firewalls", "due_date": "2022-06-06", "date_added": "2022-05-16", "vendorProject": "Zyxel", "vulnerabilityName": "Zyxel Multiple Firewalls OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ca71a718-c31f-4e35-b439-635f8e0c4ca9", "vulnerability": {"vulnId": "CVE-2022-1388", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-10T00:00:00+00:00"}, "gcve": {"object_uuid": "ca71a718-c31f-4e35-b439-635f8e0c4ca9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-10T00:00:00Z"}, "scope": {"notes": "KEV entry: F5 BIG-IP Missing Authentication Vulnerability | Affected: F5 / BIG-IP | Description: F5 BIG-IP contains a missing authentication in critical function vulnerability which can allow for remote code execution, creation or deletion of files, or disabling services. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-31 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-1388"}, "references": [{"id": "CVE-2022-1388", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-1388"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "BIG-IP", "due_date": "2022-05-31", "date_added": "2022-05-10", "vendorProject": "F5", "vulnerabilityName": "F5 BIG-IP Missing Authentication Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "6872598a-235d-4bb0-abb6-8fbfb9b25cf4", "vulnerability": {"vulnId": "CVE-2021-1789", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-04T00:00:00+00:00"}, "gcve": {"object_uuid": "6872598a-235d-4bb0-abb6-8fbfb9b25cf4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Type Confusion Vulnerability | Affected: Apple / Multiple Products | Description: A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-1789"}, "references": [{"id": "CVE-2021-1789", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1789"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-05-25", "date_added": "2022-05-04", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b38b2a90-21b2-4fe9-a21f-8db92dae468c", "vulnerability": {"vulnId": "CVE-2014-4113", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-04T00:00:00+00:00"}, "gcve": {"object_uuid": "b38b2a90-21b2-4fe9-a21f-8db92dae468c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-4113"}, "references": [{"id": "CVE-2014-4113", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-4113"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-05-25", "date_added": "2022-05-04", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1eafb973-0230-430e-a71c-062c16b78b49", "vulnerability": {"vulnId": "CVE-2014-0160", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-04T00:00:00+00:00"}, "gcve": {"object_uuid": "1eafb973-0230-430e-a71c-062c16b78b49", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-04T00:00:00Z"}, "scope": {"notes": "KEV entry: OpenSSL Information Disclosure Vulnerability | Affected: OpenSSL / OpenSSL | Description: The TLS and DTLS implementations in OpenSSL do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-0160"}, "references": [{"id": "CVE-2014-0160", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-0160"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-125"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "OpenSSL", "due_date": "2022-05-25", "date_added": "2022-05-04", "vendorProject": "OpenSSL", "vulnerabilityName": "OpenSSL Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ec93b28f-7973-45f0-9c55-0f2d4e679309", "vulnerability": {"vulnId": "CVE-2014-0322", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-04T00:00:00+00:00"}, "gcve": {"object_uuid": "ec93b28f-7973-45f0-9c55-0f2d4e679309", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Use-After-Free Vulnerability | Affected: Microsoft / Internet Explorer | Description: Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute code. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-0322"}, "references": [{"id": "CVE-2014-0322", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-0322"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-05-25", "date_added": "2022-05-04", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "27ce96a3-d3f2-4034-aae3-3057a2392e66", "vulnerability": {"vulnId": "CVE-2019-8506", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-05-04T00:00:00+00:00"}, "gcve": {"object_uuid": "27ce96a3-d3f2-4034-aae3-3057a2392e66", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-05-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-05-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Type Confusion Vulnerability | Affected: Apple / Multiple Products | Description: A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-8506"}, "references": [{"id": "CVE-2019-8506", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-8506"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-05-25", "date_added": "2022-05-04", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b1628409-8c9a-4c59-951e-6ee3a3d33f8a", "vulnerability": {"vulnId": "CVE-2022-29464", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "b1628409-8c9a-4c59-951e-6ee3a3d33f8a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-25T00:00:00Z"}, "scope": {"notes": "KEV entry: WSO2 Multiple Products Unrestrictive Upload of File Vulnerability | Affected: WSO2 / Multiple Products | Description: Multiple WSO2 products allow for unrestricted file upload, resulting in remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-16 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-29464"}, "references": [{"id": "CVE-2022-29464", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-29464"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-05-16", "date_added": "2022-04-25", "vendorProject": "WSO2", "vulnerabilityName": "WSO2 Multiple Products Unrestrictive Upload of File Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "08d086d1-28d1-458f-98d1-ca1f10136f5b", "vulnerability": {"vulnId": "CVE-2022-21919", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "08d086d1-28d1-458f-98d1-ca1f10136f5b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows User Profile Service Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-21919"}, "references": [{"id": "CVE-2022-21919", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-21919"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-1386"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-16", "date_added": "2022-04-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows User Profile Service Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "140419b5-7d5a-41d1-8d8e-8444dc16e9e1", "vulnerability": {"vulnId": "CVE-2022-26904", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "140419b5-7d5a-41d1-8d8e-8444dc16e9e1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows User Profile Service Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-26904"}, "references": [{"id": "CVE-2022-26904", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-26904"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-362"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-16", "date_added": "2022-04-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows User Profile Service Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "043acd33-b861-4b1e-ae05-0e29ba906253", "vulnerability": {"vulnId": "CVE-2021-41357", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "043acd33-b861-4b1e-ae05-0e29ba906253", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-41357"}, "references": [{"id": "CVE-2021-41357", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-41357"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-05-16", "date_added": "2022-04-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "36bfc706-1c9e-42f4-86f1-081e72495e13", "vulnerability": {"vulnId": "CVE-2019-1003029", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "36bfc706-1c9e-42f4-86f1-081e72495e13", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Jenkins Script Security Plugin Sandbox Bypass Vulnerability | Affected: Jenkins / Script Security Plugin | Description: Jenkins Script Security Plugin contains a protection mechanism failure, allowing an attacker to bypass the sandbox. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1003029"}, "references": [{"id": "CVE-2019-1003029", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1003029"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Script Security Plugin", "due_date": "2022-05-16", "date_added": "2022-04-25", "vendorProject": "Jenkins", "vulnerabilityName": "Jenkins Script Security Plugin Sandbox Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "df282871-b9b2-49f3-bfe2-fb77ae3083f4", "vulnerability": {"vulnId": "CVE-2022-0847", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "df282871-b9b2-49f3-bfe2-fb77ae3083f4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Privilege Escalation Vulnerability | Affected: Linux / Kernel | Description: Linux kernel contains an improper initialization vulnerability where an unprivileged local user could escalate their privileges on the system. This vulnerability has the moniker of \"Dirty Pipe.\" | Required action: Apply updates per vendor instructions. | Due date: 2022-05-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-0847"}, "references": [{"id": "CVE-2022-0847", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-0847"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-665"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2022-05-16", "date_added": "2022-04-25", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b14650c5-b8a7-46ac-b2a3-478ebe003ba3", "vulnerability": {"vulnId": "CVE-2021-40450", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-25T00:00:00+00:00"}, "gcve": {"object_uuid": "b14650c5-b8a7-46ac-b2a3-478ebe003ba3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-16 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-40450"}, "references": [{"id": "CVE-2021-40450", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-40450"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-05-16", "date_added": "2022-04-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3e95f02f-cb0d-476e-819b-dd10de26230d", "vulnerability": {"vulnId": "CVE-2019-3568", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-19T00:00:00+00:00"}, "gcve": {"object_uuid": "3e95f02f-cb0d-476e-819b-dd10de26230d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-19T00:00:00Z"}, "scope": {"notes": "KEV entry: WhatsApp VOIP Stack Buffer Overflow Vulnerability | Affected: Meta Platforms / WhatsApp | Description: A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via a specially crafted series of RTCP packets sent to a target phone number. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-3568"}, "references": [{"id": "CVE-2019-3568", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-3568"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WhatsApp", "due_date": "2022-05-10", "date_added": "2022-04-19", "vendorProject": "Meta Platforms", "vulnerabilityName": "WhatsApp VOIP Stack Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8f6c2efa-2961-41ec-9bf7-f184db76aaec", "vulnerability": {"vulnId": "CVE-2022-22718", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-19T00:00:00+00:00"}, "gcve": {"object_uuid": "8f6c2efa-2961-41ec-9bf7-f184db76aaec", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-19T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Print Spooler Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Print Spooler contains an unspecified vulnerability which allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-22718"}, "references": [{"id": "CVE-2022-22718", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22718"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-10", "date_added": "2022-04-19", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Print Spooler Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9ff688cb-4ecc-4397-8b6d-984c4ceb4185", "vulnerability": {"vulnId": "CVE-2018-6882", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-19T00:00:00+00:00"}, "gcve": {"object_uuid": "9ff688cb-4ecc-4397-8b6d-984c4ceb4185", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-19T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-19T00:00:00Z"}, "scope": {"notes": "KEV entry: Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability | Affected: Synacor / Zimbra Collaboration Suite (ZCS) | Description: Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting vulnerability that might allow remote attackers to inject arbitrary web script or HTML. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-10 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-6882"}, "references": [{"id": "CVE-2018-6882", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-6882"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Zimbra Collaboration Suite (ZCS)", "due_date": "2022-05-10", "date_added": "2022-04-19", "vendorProject": "Synacor", "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "cf0285ad-d795-4641-87f9-f9446c203241", "vulnerability": {"vulnId": "CVE-2007-3010", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "cf0285ad-d795-4641-87f9-f9446c203241", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability | Affected: Alcatel / OmniPCX Enterprise | Description: masterCGI in the Unified Maintenance Tool in Alcatel OmniPCX Enterprise Communication Server allows remote attackers to execute arbitrary commands. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2007-3010"}, "references": [{"id": "CVE-2007-3010", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2007-3010"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "OmniPCX Enterprise", "due_date": "2022-05-06", "date_added": "2022-04-15", "vendorProject": "Alcatel", "vulnerabilityName": "Alcatel OmniPCX Enterprise Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e448dde8-399c-4a25-b8d4-afccbe84084d", "vulnerability": {"vulnId": "CVE-2016-4523", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "e448dde8-399c-4a25-b8d4-afccbe84084d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability | Affected: Trihedral / VTScada (formerly VTS) | Description: The WAP interface in Trihedral VTScada (formerly VTS) allows remote attackers to cause a denial-of-service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-05-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-4523"}, "references": [{"id": "CVE-2016-4523", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-4523"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "VTScada (formerly VTS)", "due_date": "2022-05-06", "date_added": "2022-04-15", "vendorProject": "Trihedral", "vulnerabilityName": "Trihedral VTScada (formerly VTS) Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c3671aa3-3c7d-4a08-8862-41b66271a2d7", "vulnerability": {"vulnId": "CVE-2010-5330", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "c3671aa3-3c7d-4a08-8862-41b66271a2d7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Ubiquiti AirOS Command Injection Vulnerability | Affected: Ubiquiti / AirOS | Description: Certain Ubiquiti devices contain a command injection vulnerability via a GET request to stainfo.cgi. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-5330"}, "references": [{"id": "CVE-2010-5330", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-5330"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "AirOS", "due_date": "2022-05-06", "date_added": "2022-04-15", "vendorProject": "Ubiquiti", "vulnerabilityName": "Ubiquiti AirOS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ff0684ad-8d89-4d05-944b-45a2295cb2df", "vulnerability": {"vulnId": "CVE-2019-3929", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "ff0684ad-8d89-4d05-944b-45a2295cb2df", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Crestron Multiple Products Command Injection Vulnerability | Affected: Crestron / Multiple Products | Description: Multiple Crestron products are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-3929"}, "references": [{"id": "CVE-2019-3929", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-3929"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-05-06", "date_added": "2022-04-15", "vendorProject": "Crestron", "vulnerabilityName": "Crestron Multiple Products Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b7dfd981-0ef6-454b-b333-0a9e251a40e6", "vulnerability": {"vulnId": "CVE-2022-22960", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "b7dfd981-0ef6-454b-b333-0a9e251a40e6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-15T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware Multiple Products Privilege Escalation Vulnerability | Affected: VMware / Multiple Products | Description: VMware Workspace ONE Access, Identity Manager and vRealize Automation contain a privilege escalation vulnerability due to improper permissions in support scripts. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-22960"}, "references": [{"id": "CVE-2022-22960", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22960"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-250"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-05-06", "date_added": "2022-04-15", "vendorProject": "VMware", "vulnerabilityName": "VMware Multiple Products Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d519a4f3-59d7-41bf-a57e-364de31a6b79", "vulnerability": {"vulnId": "CVE-2019-16057", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "d519a4f3-59d7-41bf-a57e-364de31a6b79", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-15T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DNS-320 Remote Code Execution Vulnerability | Affected: D-Link / DNS-320 Storage Device | Description: The login_mgr.cgi script in D-Link DNS-320 is vulnerable to remote code execution. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-05-06 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-16057"}, "references": [{"id": "CVE-2019-16057", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-16057"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DNS-320 Storage Device", "due_date": "2022-05-06", "date_added": "2022-04-15", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DNS-320 Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "8bd04b08-a2ea-4c1f-80ae-6c40ad7a6af7", "vulnerability": {"vulnId": "CVE-2022-1364", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "8bd04b08-a2ea-4c1f-80ae-6c40ad7a6af7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-1364"}, "references": [{"id": "CVE-2022-1364", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-1364"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2022-05-06", "date_added": "2022-04-15", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "828c3107-eb16-4d9e-aa3e-ac6097b4e156", "vulnerability": {"vulnId": "CVE-2014-0780", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "828c3107-eb16-4d9e-aa3e-ac6097b4e156", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-15T00:00:00Z"}, "scope": {"notes": "KEV entry: InduSoft Web Studio NTWebServer Directory Traversal Vulnerability | Affected: InduSoft / Web Studio | Description: InduSoft Web Studio NTWebServer contains a directory traversal vulnerability that allows remote attackers to read administrative passwords in APP files, allowing for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-0780"}, "references": [{"id": "CVE-2014-0780", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-0780"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Web Studio", "due_date": "2022-05-06", "date_added": "2022-04-15", "vendorProject": "InduSoft", "vulnerabilityName": "InduSoft Web Studio NTWebServer Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bcab164c-e9bb-4548-8d7f-a9d74e8c867a", "vulnerability": {"vulnId": "CVE-2018-7841", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-15T00:00:00+00:00"}, "gcve": {"object_uuid": "bcab164c-e9bb-4548-8d7f-a9d74e8c867a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Schneider Electric U.motion Builder SQL Injection Vulnerability | Affected: Schneider Electric / U.motion Builder | Description: A SQL Injection vulnerability exists in U.motion Builder software which could cause unwanted code execution when an improper set of characters is entered. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-05-06 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-7841"}, "references": [{"id": "CVE-2018-7841", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-7841"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "U.motion Builder", "due_date": "2022-05-06", "date_added": "2022-04-15", "vendorProject": "Schneider Electric", "vulnerabilityName": "Schneider Electric U.motion Builder SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3817b7db-7439-479b-bffa-3efcedee90cd", "vulnerability": {"vulnId": "CVE-2022-22954", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-14T00:00:00+00:00"}, "gcve": {"object_uuid": "3817b7db-7439-479b-bffa-3efcedee90cd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-14T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-14T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability | Affected: VMware / Workspace ONE Access and Identity Manager | Description: VMware Workspace ONE Access and Identity Manager allow for remote code execution due to server-side template injection. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-22954"}, "references": [{"id": "CVE-2022-22954", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22954"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Workspace ONE Access and Identity Manager", "due_date": "2022-05-05", "date_added": "2022-04-14", "vendorProject": "VMware", "vulnerabilityName": "VMware Workspace ONE Access and Identity Manager Server-Side Template Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "d74acde3-849a-46e4-a79a-0928a55db14c", "vulnerability": {"vulnId": "CVE-2015-5123", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "d74acde3-849a-46e4-a79a-0928a55db14c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Use-After-Free Vulnerability | Affected: Adobe / Flash Player | Description: Use-after-free vulnerability in the BitmapData class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-05-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-5123"}, "references": [{"id": "CVE-2015-5123", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-5123"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-05-04", "date_added": "2022-04-13", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "404ae5b7-191c-4d9b-9b36-88937897f101", "vulnerability": {"vulnId": "CVE-2015-3113", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "404ae5b7-191c-4d9b-9b36-88937897f101", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Heap-Based Buffer Overflow Vulnerability | Affected: Adobe / Flash Player | Description: Heap-based buffer overflow vulnerability in Adobe Flash Player allows remote attackers to execute code. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-05-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-3113"}, "references": [{"id": "CVE-2015-3113", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-3113"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-05-04", "date_added": "2022-04-13", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Heap-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3f203617-fdaf-4f3d-8191-37788e786a02", "vulnerability": {"vulnId": "CVE-2015-5122", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "3f203617-fdaf-4f3d-8191-37788e786a02", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Use-After-Free Vulnerability | Affected: Adobe / Flash Player | Description: Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player allows remote attackers to execute code or cause a denial-of-service (DoS). | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-05-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-5122"}, "references": [{"id": "CVE-2015-5122", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-5122"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-05-04", "date_added": "2022-04-13", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "53a34a42-f2be-4494-bf47-d44b07f56c09", "vulnerability": {"vulnId": "CVE-2022-24521", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "53a34a42-f2be-4494-bf47-d44b07f56c09", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows CLFS Driver Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Common Log File System (CLFS) Driver contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-04 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-24521"}, "references": [{"id": "CVE-2022-24521", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-24521"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787", "CWE-1285"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-04", "date_added": "2022-04-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows CLFS Driver Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "93279eb6-0b5e-4b61-822d-875ad328e292", "vulnerability": {"vulnId": "CVE-2018-7602", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "93279eb6-0b5e-4b61-822d-875ad328e292", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Drupal Core Remote Code Execution Vulnerability | Affected: Drupal / Core | Description: A remote code execution vulnerability exists within multiple subsystems of Drupal that can allow attackers to exploit multiple attack vectors on a Drupal site. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-04 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-7602"}, "references": [{"id": "CVE-2018-7602", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-7602"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Core", "due_date": "2022-05-04", "date_added": "2022-04-13", "vendorProject": "Drupal", "vulnerabilityName": "Drupal Core Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "575967d7-aff7-4cd9-adea-17e6d433db06", "vulnerability": {"vulnId": "CVE-2014-9163", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "575967d7-aff7-4cd9-adea-17e6d433db06", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Stack-Based Buffer Overflow Vulnerability | Affected: Adobe / Flash Player | Description: Stack-based buffer overflow in Adobe Flash Player allows attackers to execute code remotely. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-05-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-9163"}, "references": [{"id": "CVE-2014-9163", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-9163"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-05-04", "date_added": "2022-04-13", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Stack-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "748658ee-bf56-4d6b-bbe3-81ee33e96701", "vulnerability": {"vulnId": "CVE-2015-0313", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "748658ee-bf56-4d6b-bbe3-81ee33e96701", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Use-After-Free Vulnerability | Affected: Adobe / Flash Player | Description: Use-after-free vulnerability in Adobe Flash Player allows remote attackers to execute code. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-05-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-0313"}, "references": [{"id": "CVE-2015-0313", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-0313"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-05-04", "date_added": "2022-04-13", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "dceb02c1-e186-4e69-8712-49a705d74448", "vulnerability": {"vulnId": "CVE-2018-20753", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "dceb02c1-e186-4e69-8712-49a705d74448", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Kaseya VSA Remote Code Execution Vulnerability | Affected: Kaseya / Virtual System/Server Administrator (VSA) | Description: Kaseya VSA RMM allows unprivileged remote attackers to execute PowerShell payloads on all managed devices. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-04 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-20753"}, "references": [{"id": "CVE-2018-20753", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-20753"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Virtual System/Server Administrator (VSA)", "due_date": "2022-05-04", "date_added": "2022-04-13", "vendorProject": "Kaseya", "vulnerabilityName": "Kaseya VSA Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "df912555-5f76-4b0f-852c-95e849d65ceb", "vulnerability": {"vulnId": "CVE-2015-2502", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "df912555-5f76-4b0f-852c-95e849d65ceb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains a memory corruption vulnerability that allows an attacker to execute code or cause a denial-of-service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-05-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-2502"}, "references": [{"id": "CVE-2015-2502", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-2502"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-05-04", "date_added": "2022-04-13", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0ed56f1d-daa2-4a8c-8da5-33034cf056de", "vulnerability": {"vulnId": "CVE-2015-0311", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-13T00:00:00+00:00"}, "gcve": {"object_uuid": "0ed56f1d-daa2-4a8c-8da5-33034cf056de", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-13T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-13T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Remote Code Execution Vulnerability | Affected: Adobe / Flash Player | Description: Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute code. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-05-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-0311"}, "references": [{"id": "CVE-2015-0311", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-0311"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-05-04", "date_added": "2022-04-13", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "69f21464-7f92-47fa-9176-befcfeb86555", "vulnerability": {"vulnId": "CVE-2017-11317", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "69f21464-7f92-47fa-9176-befcfeb86555", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability | Affected: Telerik / User Interface (UI) for ASP.NET AJAX | Description: Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-11317"}, "references": [{"id": "CVE-2017-11317", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-11317"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-326"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "User Interface (UI) for ASP.NET AJAX", "due_date": "2022-05-02", "date_added": "2022-04-11", "vendorProject": "Telerik", "vulnerabilityName": "Telerik UI for ASP.NET AJAX Unrestricted File Upload Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fc33e64c-73de-4023-9770-04bfad6e5bf3", "vulnerability": {"vulnId": "CVE-2021-22600", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "fc33e64c-73de-4023-9770-04bfad6e5bf3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Privilege Escalation Vulnerability | Affected: Linux / Kernel | Description: Linux Kernel contains a flaw in the packet socket (AF_PACKET) implementation which could lead to incorrectly freeing memory. A local user could exploit this for denial-of-service (DoS) or possibly for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-22600"}, "references": [{"id": "CVE-2021-22600", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22600"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-415"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2022-05-02", "date_added": "2022-04-11", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "db9b1f28-0bc6-4b89-896a-a02ec79d7331", "vulnerability": {"vulnId": "CVE-2021-39793", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "db9b1f28-0bc6-4b89-896a-a02ec79d7331", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Pixel Out-of-Bounds Write Vulnerability | Affected: Google / Pixel | Description: Google Pixel contains a possible out-of-bounds write due to a logic error in the code that could lead to local escalation of privilege. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-39793"}, "references": [{"id": "CVE-2021-39793", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-39793"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Pixel", "due_date": "2022-05-02", "date_added": "2022-04-11", "vendorProject": "Google", "vulnerabilityName": "Google Pixel Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "303492ee-578a-4997-a22b-3d68111c358d", "vulnerability": {"vulnId": "CVE-2020-2509", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "303492ee-578a-4997-a22b-3d68111c358d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-11T00:00:00Z"}, "scope": {"notes": "KEV entry: QNAP Network-Attached Storage (NAS) Command Injection Vulnerability | Affected: QNAP / QNAP Network-Attached Storage (NAS) | Description: QNAP NAS devices contain a command injection vulnerability which could allow attackers to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-2509"}, "references": [{"id": "CVE-2020-2509", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-2509"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77", "CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "QNAP Network-Attached Storage (NAS)", "due_date": "2022-05-02", "date_added": "2022-04-11", "vendorProject": "QNAP", "vulnerabilityName": "QNAP Network-Attached Storage (NAS) Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5cd55247-d2e3-4d95-8e4c-62b0be09855f", "vulnerability": {"vulnId": "CVE-2021-42287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "5cd55247-d2e3-4d95-8e4c-62b0be09855f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Active Directory Domain Services Privilege Escalation Vulnerability | Affected: Microsoft / Active Directory | Description: Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-02 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-42287"}, "references": [{"id": "CVE-2021-42287", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-42287"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Active Directory", "due_date": "2022-05-02", "date_added": "2022-04-11", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Active Directory Domain Services Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "58d684a4-6004-4cad-8944-7854b924424e", "vulnerability": {"vulnId": "CVE-2021-42278", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "58d684a4-6004-4cad-8944-7854b924424e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Active Directory Domain Services Privilege Escalation Vulnerability | Affected: Microsoft / Active Directory | Description: Microsoft Active Directory Domain Services contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-02 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-42278"}, "references": [{"id": "CVE-2021-42278", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-42278"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Active Directory", "due_date": "2022-05-02", "date_added": "2022-04-11", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Active Directory Domain Services Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "ddc5b9dd-b053-48e6-b99e-78643489e7ed", "vulnerability": {"vulnId": "CVE-2021-27852", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "ddc5b9dd-b053-48e6-b99e-78643489e7ed", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Checkbox Survey Deserialization of Untrusted Data Vulnerability | Affected: Checkbox / Checkbox Survey | Description: Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute arbitrary code. | Required action: Versions 6 and earlier for this product are end-of-life and must be removed from agency networks. Versions 7 and later are not considered vulnerable. | Due date: 2022-05-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-27852"}, "references": [{"id": "CVE-2021-27852", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27852"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Checkbox Survey", "due_date": "2022-05-02", "date_added": "2022-04-11", "vendorProject": "Checkbox", "vulnerabilityName": "Checkbox Survey Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "54c8b2fa-217b-4748-bd23-a9469c0c785a", "vulnerability": {"vulnId": "CVE-2022-23176", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-11T00:00:00+00:00"}, "gcve": {"object_uuid": "54c8b2fa-217b-4748-bd23-a9469c0c785a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-11T00:00:00Z"}, "scope": {"notes": "KEV entry: WatchGuard Firebox and XTM Privilege Escalation Vulnerability | Affected: WatchGuard / Firebox and XTM | Description: WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-23176"}, "references": [{"id": "CVE-2022-23176", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-23176"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firebox and XTM", "due_date": "2022-05-02", "date_added": "2022-04-11", "vendorProject": "WatchGuard", "vulnerabilityName": "WatchGuard Firebox and XTM Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b6557656-10d6-4e76-9711-368565a4bd59", "vulnerability": {"vulnId": "CVE-2021-3156", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-06T00:00:00+00:00"}, "gcve": {"object_uuid": "b6557656-10d6-4e76-9711-368565a4bd59", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-06T00:00:00Z"}, "scope": {"notes": "KEV entry: Sudo Heap-Based Buffer Overflow Vulnerability | Affected: Sudo / Sudo | Description: Sudo contains an off-by-one error that can result in a heap-based buffer overflow, which allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-3156"}, "references": [{"id": "CVE-2021-3156", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-3156"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122", "CWE-193"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Sudo", "due_date": "2022-04-27", "date_added": "2022-04-06", "vendorProject": "Sudo", "vulnerabilityName": "Sudo Heap-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "86364c4a-ceaf-4a9a-b056-65a01f3b8e9b", "vulnerability": {"vulnId": "CVE-2017-0148", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-06T00:00:00+00:00"}, "gcve": {"object_uuid": "86364c4a-ceaf-4a9a-b056-65a01f3b8e9b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-06T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft SMBv1 Server Remote Code Execution Vulnerability | Affected: Microsoft / SMBv1 server | Description: The SMBv1 server in Microsoft allows remote attackers to execute arbitrary code via crafted packets. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-27 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0148"}, "references": [{"id": "CVE-2017-0148", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0148"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SMBv1 server", "due_date": "2022-04-27", "date_added": "2022-04-06", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft SMBv1 Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "cc656da8-bb7b-4267-8519-01fa39a58e99", "vulnerability": {"vulnId": "CVE-2021-31166", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-06T00:00:00+00:00"}, "gcve": {"object_uuid": "cc656da8-bb7b-4267-8519-01fa39a58e99", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-06T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-06T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability | Affected: Microsoft / HTTP Protocol Stack | Description: Microsoft HTTP Protocol Stack contains a vulnerability in http.sys that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-27 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-31166"}, "references": [{"id": "CVE-2021-31166", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-31166"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "HTTP Protocol Stack", "due_date": "2022-04-27", "date_added": "2022-04-06", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft HTTP Protocol Stack Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a2ed226b-8c1b-482e-ba66-e46885c9d935", "vulnerability": {"vulnId": "CVE-2022-22675", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-04T00:00:00+00:00"}, "gcve": {"object_uuid": "a2ed226b-8c1b-482e-ba66-e46885c9d935", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple macOS Out-of-Bounds Write Vulnerability | Affected: Apple / macOS | Description: macOS Monterey contains an out-of-bounds write vulnerability that could allow an application to execute arbitrary code with kernel privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-22675"}, "references": [{"id": "CVE-2022-22675", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22675"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-125"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "macOS", "due_date": "2022-04-25", "date_added": "2022-04-04", "vendorProject": "Apple", "vulnerabilityName": "Apple macOS Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "261cd514-a148-4fe0-b808-e3317f9ce27d", "vulnerability": {"vulnId": "CVE-2022-22674", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-04T00:00:00+00:00"}, "gcve": {"object_uuid": "261cd514-a148-4fe0-b808-e3317f9ce27d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple macOS Out-of-Bounds Read Vulnerability | Affected: Apple / macOS | Description: macOS Monterey contains an out-of-bounds read vulnerability that could allow an application to read kernel memory. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-22674"}, "references": [{"id": "CVE-2022-22674", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22674"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-125"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "macOS", "due_date": "2022-04-25", "date_added": "2022-04-04", "vendorProject": "Apple", "vulnerabilityName": "Apple macOS Out-of-Bounds Read Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c7e9e0be-415b-432d-87ef-47f41a518a9d", "vulnerability": {"vulnId": "CVE-2022-22965", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-04T00:00:00+00:00"}, "gcve": {"object_uuid": "c7e9e0be-415b-432d-87ef-47f41a518a9d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Spring Framework JDK 9+ Remote Code Execution Vulnerability | Affected: VMware / Spring Framework | Description: Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-22965"}, "references": [{"id": "CVE-2022-22965", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22965"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Spring Framework", "due_date": "2022-04-25", "date_added": "2022-04-04", "vendorProject": "VMware", "vulnerabilityName": "Spring Framework JDK 9+ Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "616c5c57-65be-4e39-9154-b1b063fd4647", "vulnerability": {"vulnId": "CVE-2021-45382", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-04-04T00:00:00+00:00"}, "gcve": {"object_uuid": "616c5c57-65be-4e39-9154-b1b063fd4647", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-04-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-04-04T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link Multiple Routers Remote Code Execution Vulnerability | Affected: D-Link / Multiple Routers | Description: A remote code execution vulnerability exists in all series H/W revisions routers via the DDNS function in ncc2 binary file. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-04-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-45382"}, "references": [{"id": "CVE-2021-45382", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-45382"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Routers", "due_date": "2022-04-25", "date_added": "2022-04-04", "vendorProject": "D-Link", "vulnerabilityName": "D-Link Multiple Routers Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0b840c30-10bc-4195-8d93-61ec8504896e", "vulnerability": {"vulnId": "CVE-2018-10562", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-31T00:00:00+00:00"}, "gcve": {"object_uuid": "0b840c30-10bc-4195-8d93-61ec8504896e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-31T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-31T00:00:00Z"}, "scope": {"notes": "KEV entry: Dasan GPON Routers Command Injection Vulnerability | Affected: Dasan / Gigabit Passive Optical Network (GPON) Routers | Description: Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10561, exploitation can allow an attacker to perform remote code execution. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-04-21 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-10562"}, "references": [{"id": "CVE-2018-10562", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-10562"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Gigabit Passive Optical Network (GPON) Routers", "due_date": "2022-04-21", "date_added": "2022-03-31", "vendorProject": "Dasan", "vulnerabilityName": "Dasan GPON Routers Command Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "334d27dc-c265-46df-93c4-62cae5eb5122", "vulnerability": {"vulnId": "CVE-2021-28799", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-31T00:00:00+00:00"}, "gcve": {"object_uuid": "334d27dc-c265-46df-93c4-62cae5eb5122", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-31T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-31T00:00:00Z"}, "scope": {"notes": "KEV entry: QNAP NAS Improper Authorization Vulnerability | Affected: QNAP / Network Attached Storage (NAS) | Description: QNAP NAS running HBS 3 contains an improper authorization vulnerability which can allow remote attackers to log in to a device. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-21 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-28799"}, "references": [{"id": "CVE-2021-28799", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-28799"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-285"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Network Attached Storage (NAS)", "due_date": "2022-04-21", "date_added": "2022-03-31", "vendorProject": "QNAP", "vulnerabilityName": "QNAP NAS Improper Authorization Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "8f383a2c-0933-4595-a47a-b72b986c464e", "vulnerability": {"vulnId": "CVE-2021-34484", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-31T00:00:00+00:00"}, "gcve": {"object_uuid": "8f383a2c-0933-4595-a47a-b72b986c464e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-31T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-31T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows User Profile Service Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows User Profile Service contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-34484"}, "references": [{"id": "CVE-2021-34484", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-34484"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-21", "date_added": "2022-03-31", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows User Profile Service Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3cefdbf0-e812-436f-90a2-c1cf01822506", "vulnerability": {"vulnId": "CVE-2018-10561", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-31T00:00:00+00:00"}, "gcve": {"object_uuid": "3cefdbf0-e812-436f-90a2-c1cf01822506", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-31T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-31T00:00:00Z"}, "scope": {"notes": "KEV entry: Dasan GPON Routers Authentication Bypass Vulnerability | Affected: Dasan / Gigabit Passive Optical Network (GPON) Routers | Description: Dasan GPON Routers contain an authentication bypass vulnerability. When combined with CVE-2018-10562, exploitation can allow an attacker to perform remote code execution. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-04-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-10561"}, "references": [{"id": "CVE-2018-10561", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-10561"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Gigabit Passive Optical Network (GPON) Routers", "due_date": "2022-04-21", "date_added": "2022-03-31", "vendorProject": "Dasan", "vulnerabilityName": "Dasan GPON Routers Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ba383bcf-6e11-49ed-88ac-c9b82f563a10", "vulnerability": {"vulnId": "CVE-2022-26871", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-31T00:00:00+00:00"}, "gcve": {"object_uuid": "ba383bcf-6e11-49ed-88ac-c9b82f563a10", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-31T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-31T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro Apex Central Arbitrary File Upload Vulnerability | Affected: Trend Micro / Apex Central | Description: An arbitrary file upload vulnerability in Trend Micro Apex Central could allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-26871"}, "references": [{"id": "CVE-2022-26871", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-26871"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-184"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Apex Central", "due_date": "2022-04-21", "date_added": "2022-03-31", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro Apex Central Arbitrary File Upload Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c2e458d5-7e8e-4754-8717-14c549e54bac", "vulnerability": {"vulnId": "CVE-2021-21551", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-31T00:00:00+00:00"}, "gcve": {"object_uuid": "c2e458d5-7e8e-4754-8717-14c549e54bac", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-31T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-31T00:00:00Z"}, "scope": {"notes": "KEV entry: Dell dbutil Driver Insufficient Access Control Vulnerability | Affected: Dell / dbutil Driver | Description: Dell dbutil driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial-of-service (DoS), or information disclosure. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-21551"}, "references": [{"id": "CVE-2021-21551", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-21551"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-782"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "dbutil Driver", "due_date": "2022-04-21", "date_added": "2022-03-31", "vendorProject": "Dell", "vulnerabilityName": "Dell dbutil Driver Insufficient Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2b108623-0dfe-4496-977b-b4e1a0ab9be9", "vulnerability": {"vulnId": "CVE-2022-1040", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-31T00:00:00+00:00"}, "gcve": {"object_uuid": "2b108623-0dfe-4496-977b-b4e1a0ab9be9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-31T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-31T00:00:00Z"}, "scope": {"notes": "KEV entry: Sophos Firewall Authentication Bypass Vulnerability | Affected: Sophos / Firewall | Description: An authentication bypass vulnerability in User Portal and Webadmin of Sophos Firewall allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-1040"}, "references": [{"id": "CVE-2022-1040", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-1040"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-158"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firewall", "due_date": "2022-04-21", "date_added": "2022-03-31", "vendorProject": "Sophos", "vulnerabilityName": "Sophos Firewall Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3288fcb4-55a6-40d2-bf59-245fdf7ee538", "vulnerability": {"vulnId": "CVE-2016-7200", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "3288fcb4-55a6-40d2-bf59-245fdf7ee538", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Edge Memory Corruption Vulnerability | Affected: Microsoft / Edge | Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-7200"}, "references": [{"id": "CVE-2016-7200", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-7200"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Edge", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Edge Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d20c300a-5c19-4d4c-aeb8-2d4c1b0676e5", "vulnerability": {"vulnId": "CVE-2015-1770", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "d20c300a-5c19-4d4c-aeb8-2d4c1b0676e5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Uninitialized Memory Use Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office allows remote attackers to execute arbitrary code via a crafted Office document. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-1770"}, "references": [{"id": "CVE-2015-1770", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-1770"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-19"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Uninitialized Memory Use Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "90f03a82-3d4e-4748-9455-7a428082b397", "vulnerability": {"vulnId": "CVE-2013-2465", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "90f03a82-3d4e-4748-9455-7a428082b397", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Java SE Unspecified Vulnerability | Affected: Oracle / Java SE | Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-2465"}, "references": [{"id": "CVE-2013-2465", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-2465"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Java SE", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Java SE Unspecified Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "3327a3b9-28af-4d73-8112-f1866a1ca7e1", "vulnerability": {"vulnId": "CVE-2018-8406", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "3327a3b9-28af-4d73-8112-f1866a1ca7e1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability | Affected: Microsoft / DirectX Graphics Kernel (DXGKRNL) | Description: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-8406"}, "references": [{"id": "CVE-2018-8406", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8406"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-404"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DirectX Graphics Kernel (DXGKRNL)", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "4e92ffe4-58fe-4824-affb-8382f5e3d00a", "vulnerability": {"vulnId": "CVE-2015-2426", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "4e92ffe4-58fe-4824-affb-8382f5e3d00a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: A remote code execution vulnerability exists in Microsoft Windows when the Windows Adobe Type Manager Library improperly handles specially crafted OpenType fonts. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-2426"}, "references": [{"id": "CVE-2015-2426", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-2426"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Adobe Type Manager Library Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8b0072f5-f85e-4406-8ef8-aae614fb5cae", "vulnerability": {"vulnId": "CVE-2021-26085", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "8b0072f5-f85e-4406-8ef8-aae614fb5cae", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability | Affected: Atlassian / Confluence Server | Description: Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a pre-authorization arbitrary file read vulnerability in the /s/ endpoint. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-26085"}, "references": [{"id": "CVE-2021-26085", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-26085"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-425"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Confluence Server", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Atlassian", "vulnerabilityName": "Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "3b372def-ddc9-4c02-8787-9597141ae8ed", "vulnerability": {"vulnId": "CVE-2013-3660", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "3b372def-ddc9-4c02-8787-9597141ae8ed", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft does not properly initialize a pointer for the next object in a certain list, which allows local users to gain privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-3660"}, "references": [{"id": "CVE-2013-3660", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-3660"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bbc53835-24cc-4658-8c90-049efac595d3", "vulnerability": {"vulnId": "CVE-2017-0213", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "bbc53835-24cc-4658-8c90-049efac595d3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows COM Aggregate Marshaler allows for privilege escalation when an attacker runs a specially crafted application. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0213"}, "references": [{"id": "CVE-2017-0213", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0213"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "379199fc-7758-4b6d-ad81-d800954cb401", "vulnerability": {"vulnId": "CVE-2021-20028", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "379199fc-7758-4b6d-ad81-d800954cb401", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability | Affected: SonicWall / Secure Remote Access (SRA) | Description: SonicWall Secure Remote Access (SRA) products contain an improper neutralization of a SQL Command leading to SQL injection. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-20028"}, "references": [{"id": "CVE-2021-20028", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-20028"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Secure Remote Access (SRA)", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall Secure Remote Access (SRA) SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "2d9b7781-627b-48e2-8277-048291923fcc", "vulnerability": {"vulnId": "CVE-2022-1096", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "2d9b7781-627b-48e2-8277-048291923fcc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-1096"}, "references": [{"id": "CVE-2022-1096", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-1096"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ff251693-1830-4089-8690-258356370e6d", "vulnerability": {"vulnId": "CVE-2010-4398", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "ff251693-1830-4089-8690-258356370e6d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability | Affected: Microsoft / Windows | Description: Stack-based buffer overflow in the RtlQueryRegistryValues function in win32k.sys in Microsoft Windows allows local users to gain privileges, and bypass the User Account Control (UAC) feature. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-4398"}, "references": [{"id": "CVE-2010-4398", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-4398"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-21", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Kernel Stack-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "886732d5-018a-424b-90bc-6b47f383adfa", "vulnerability": {"vulnId": "CVE-2012-2539", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "886732d5-018a-424b-90bc-6b47f383adfa", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Word Remote Code Execution Vulnerability | Affected: Microsoft / Word | Description: Microsoft Word allows attackers to execute remote code or cause a denial-of-service (DoS) via crafted RTF data. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-2539"}, "references": [{"id": "CVE-2012-2539", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-2539"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-399"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Word", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Word Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "336c2a6b-7714-497e-ab1f-9b677e40341e", "vulnerability": {"vulnId": "CVE-2021-38646", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "336c2a6b-7714-497e-ab1f-9b677e40341e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office Access Connectivity Engine contains an unspecified vulnerability which can allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-38646"}, "references": [{"id": "CVE-2021-38646", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-38646"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Access Connectivity Engine Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "361dd5d8-81ec-4665-bc11-ff26325b4787", "vulnerability": {"vulnId": "CVE-2017-0037", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "361dd5d8-81ec-4665-bc11-ff26325b4787", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Edge and Internet Explorer Type Confusion Vulnerability | Affected: Microsoft / Edge and Internet Explorer | Description: Microsoft Edge and Internet Explorer have a type confusion vulnerability in mshtml.dll, which allows remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0037"}, "references": [{"id": "CVE-2017-0037", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0037"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-704"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Edge and Internet Explorer", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Edge and Internet Explorer Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6e8bc75f-904b-482f-8794-25489550df2c", "vulnerability": {"vulnId": "CVE-2018-8405", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "6e8bc75f-904b-482f-8794-25489550df2c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability | Affected: Microsoft / DirectX Graphics Kernel (DXGKRNL) | Description: An elevation of privilege vulnerability exists when the DirectX Graphics Kernel (DXGKRNL) driver improperly handles objects in memory. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-8405"}, "references": [{"id": "CVE-2018-8405", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8405"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-404"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DirectX Graphics Kernel (DXGKRNL)", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft DirectX Graphics Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "439dc963-e6cf-4248-a978-534dc967acf3", "vulnerability": {"vulnId": "CVE-2013-2551", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "439dc963-e6cf-4248-a978-534dc967acf3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Use-After-Free Vulnerability | Affected: Microsoft / Internet Explorer | Description: Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute remote code via a crafted web site that triggers access to a deleted object. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-2551"}, "references": [{"id": "CVE-2013-2551", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-2551"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "269aea61-c2ef-4fdf-afdb-049460d6837c", "vulnerability": {"vulnId": "CVE-2016-7201", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "269aea61-c2ef-4fdf-afdb-049460d6837c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Edge Memory Corruption Vulnerability | Affected: Microsoft / Edge | Description: The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-7201"}, "references": [{"id": "CVE-2016-7201", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-7201"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Edge", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Edge Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d755fe9f-716c-46a9-8e0a-e4d872e4c82f", "vulnerability": {"vulnId": "CVE-2018-8440", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "d755fe9f-716c-46a9-8e0a-e4d872e4c82f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC). | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-8440"}, "references": [{"id": "CVE-2018-8440", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8440"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "d468095f-243e-4c9e-9ff8-b5a915f7bea0", "vulnerability": {"vulnId": "CVE-2016-0040", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "d468095f-243e-4c9e-9ff8-b5a915f7bea0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Kernel Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: The kernel in Microsoft Windows allows local users to gain privileges via a crafted application. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-0040"}, "references": [{"id": "CVE-2016-0040", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-0040"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3a3f98ed-542b-4632-8d38-82f8809d653e", "vulnerability": {"vulnId": "CVE-2019-7483", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "3a3f98ed-542b-4632-8d38-82f8809d653e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall SMA100 Directory Traversal Vulnerability | Affected: SonicWall / SMA100 | Description: In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-7483"}, "references": [{"id": "CVE-2019-7483", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-7483"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SMA100", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall SMA100 Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "00d1f03d-8e79-4996-ad24-d8a9dbed6437", "vulnerability": {"vulnId": "CVE-2015-2419", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "00d1f03d-8e79-4996-ad24-d8a9dbed6437", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer | Description: JScript in Microsoft Internet Explorer allows remote attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-2419"}, "references": [{"id": "CVE-2015-2419", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-2419"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "84debfa9-7dc5-4852-923e-05447e2c35da", "vulnerability": {"vulnId": "CVE-2012-0518", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "84debfa9-7dc5-4852-923e-05447e2c35da", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Fusion Middleware Unspecified Vulnerability | Affected: Oracle / Fusion Middleware | Description: Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusion Middleware allows remote attackers to affect integrity via unknown vectors. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-0518"}, "references": [{"id": "CVE-2012-0518", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-0518"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-601"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Fusion Middleware", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Fusion Middleware Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "13b3fd02-b777-4bd6-89e2-d6e5159cec73", "vulnerability": {"vulnId": "CVE-2013-1690", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "13b3fd02-b777-4bd6-89e2-d6e5159cec73", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability | Affected: Mozilla / Firefox and Thunderbird | Description: Mozilla Firefox and Thunderbird do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial-of-service (DoS) or possibly execute malicious code via a crafted web site. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-1690"}, "references": [{"id": "CVE-2013-1690", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-1690"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firefox and Thunderbird", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Mozilla", "vulnerabilityName": "Mozilla Firefox and Thunderbird Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bdeb3b51-963f-4f63-8d54-06a1b27e78c2", "vulnerability": {"vulnId": "CVE-2012-5076", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "bdeb3b51-963f-4f63-8d54-06a1b27e78c2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Java SE Sandbox Bypass Vulnerability | Affected: Oracle / Java SE | Description: The default Java security properties configuration did not restrict access to the com.sun.org.glassfish.external and com.sun.org.glassfish.gmbal packages. An untrusted Java application or applet could use these flaws to bypass Java sandbox restrictions. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-5076"}, "references": [{"id": "CVE-2012-5076", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-5076"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Java SE", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Java SE Sandbox Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9d744e22-3acf-4ced-b675-d2b027026eb8", "vulnerability": {"vulnId": "CVE-2012-2034", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "9d744e22-3acf-4ced-b675-d2b027026eb8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Memory Corruption Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player contains a memory corruption vulnerability that allows for remote code execution or denial-of-service (DoS). | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-2034"}, "references": [{"id": "CVE-2012-2034", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-2034"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "65345729-5897-4765-bd52-11ec9f238894", "vulnerability": {"vulnId": "CVE-2016-0151", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "65345729-5897-4765-bd52-11ec9f238894", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows CSRSS Security Feature Bypass Vulnerability | Affected: Microsoft / Client-Server Run-time Subsystem (CSRSS) | Description: The Client-Server Run-time Subsystem (CSRSS) in Microsoft mismanages process tokens, which allows local users to gain privileges via a crafted application. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-0151"}, "references": [{"id": "CVE-2016-0151", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-0151"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Client-Server Run-time Subsystem (CSRSS)", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows CSRSS Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "d885f9ad-4b62-471a-8432-a8ec57ae288c", "vulnerability": {"vulnId": "CVE-2017-0059", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "d885f9ad-4b62-471a-8432-a8ec57ae288c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Information Disclosure Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer allows remote attackers to obtain sensitive information from process memory via a crafted web site. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0059"}, "references": [{"id": "CVE-2017-0059", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0059"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f12a6188-2357-4d44-a15f-010c7da0b35c", "vulnerability": {"vulnId": "CVE-2021-34486", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "f12a6188-2357-4d44-a15f-010c7da0b35c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Event Tracing Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Event Tracing contains an unspecified vulnerability which can allow for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-34486"}, "references": [{"id": "CVE-2021-34486", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-34486"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Event Tracing Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "29aa0f02-8988-43cd-98ce-f9f93ea3473b", "vulnerability": {"vulnId": "CVE-2011-2005", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "29aa0f02-8988-43cd-98ce-f9f93ea3473b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability | Affected: Microsoft / Ancillary Function Driver (afd.sys) | Description: afd.sys in the Ancillary Function Driver in Microsoft Windows does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2011-2005"}, "references": [{"id": "CVE-2011-2005", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2011-2005"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Ancillary Function Driver (afd.sys)", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Ancillary Function Driver (afd.sys) Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0e6a012f-794f-4f74-ab36-b38cdbc6e7fd", "vulnerability": {"vulnId": "CVE-2022-0543", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "0e6a012f-794f-4f74-ab36-b38cdbc6e7fd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Debian-specific Redis Server Lua Sandbox Escape Vulnerability | Affected: Redis / Debian-specific Redis Servers | Description: Redis is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-0543"}, "references": [{"id": "CVE-2022-0543", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-0543"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-862"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Debian-specific Redis Servers", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Redis", "vulnerabilityName": "Debian-specific Redis Server Lua Sandbox Escape Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "02639c5d-a9ec-4fd6-9193-4da67889e2ee", "vulnerability": {"vulnId": "CVE-2016-0189", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "02639c5d-a9ec-4fd6-9193-4da67889e2ee", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer | Description: The Microsoft JScript and VBScript engines, as used in Internet Explorer and other products, allow attackers to execute remote code or cause a denial of service (memory corruption) via a crafted web site. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-0189"}, "references": [{"id": "CVE-2016-0189", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-0189"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "15e0ea54-bfd0-4ff8-80e6-81190381c62e", "vulnerability": {"vulnId": "CVE-2013-2729", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-28T00:00:00+00:00"}, "gcve": {"object_uuid": "15e0ea54-bfd0-4ff8-80e6-81190381c62e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability | Affected: Adobe / Reader and Acrobat | Description: Integer overflow vulnerability in Adobe Reader and Acrobat allows attackers to execute remote code. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-2729"}, "references": [{"id": "CVE-2013-2729", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-2729"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-189"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Reader and Acrobat", "due_date": "2022-04-18", "date_added": "2022-03-28", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Reader and Acrobat Arbitrary Integer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1b9de2fa-e1be-404d-9ad1-bdb74688f7d8", "vulnerability": {"vulnId": "CVE-2010-2861", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "1b9de2fa-e1be-404d-9ad1-bdb74688f7d8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe ColdFusion Directory Traversal Vulnerability | Affected: Adobe / ColdFusion | Description: A directory traversal vulnerability exists in the administrator console in Adobe ColdFusion which allows remote attackers to read arbitrary files. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-2861"}, "references": [{"id": "CVE-2010-2861", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-2861"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ColdFusion", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Adobe", "vulnerabilityName": "Adobe ColdFusion Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "6189a305-5487-4036-b4cc-1c04d2cf7b06", "vulnerability": {"vulnId": "CVE-2014-6324", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "6189a305-5487-4036-b4cc-1c04d2cf7b06", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability | Affected: Microsoft / Kerberos Key Distribution Center (KDC) | Description: The Kerberos Key Distribution Center (KDC) in Microsoft allows remote authenticated domain users to obtain domain administrator privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-6324"}, "references": [{"id": "CVE-2014-6324", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-6324"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kerberos Key Distribution Center (KDC)", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Kerberos Key Distribution Center (KDC) Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "cd55b5b8-d66d-4908-9d35-fee03a2ce3e8", "vulnerability": {"vulnId": "CVE-2017-12615", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "cd55b5b8-d66d-4908-9d35-fee03a2ce3e8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Tomcat on Windows Remote Code Execution Vulnerability | Affected: Apache / Tomcat | Description: When running Apache Tomcat on Windows with HTTP PUTs enabled, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-12615"}, "references": [{"id": "CVE-2017-12615", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-12615"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Tomcat", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Apache", "vulnerabilityName": "Apache Tomcat on Windows Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "55e465ca-0ad5-4566-a690-be7e1de45eea", "vulnerability": {"vulnId": "CVE-2018-14839", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "55e465ca-0ad5-4566-a690-be7e1de45eea", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: LG N1A1 NAS Remote Command Execution Vulnerability | Affected: LG / N1A1 NAS | Description: LG N1A1 NAS 3718.510 is affected by a remote code execution vulnerability. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-14839"}, "references": [{"id": "CVE-2018-14839", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-14839"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "N1A1 NAS", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "LG", "vulnerabilityName": "LG N1A1 NAS Remote Command Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d2c0706b-8cfd-4a15-b299-678afabf2e49", "vulnerability": {"vulnId": "CVE-2017-0146", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "d2c0706b-8cfd-4a15-b299-678afabf2e49", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows SMB Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: The SMBv1 server in Microsoft Windows allows remote attackers to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0146"}, "references": [{"id": "CVE-2017-0146", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0146"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows SMB Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "d866e9ae-ba0b-4568-9109-418acc16c0df", "vulnerability": {"vulnId": "CVE-2013-2251", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "d866e9ae-ba0b-4568-9109-418acc16c0df", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Struts Improper Input Validation Vulnerability | Affected: Apache / Struts | Description: Apache Struts allows remote attackers to execute arbitrary Object-Graph Navigation Language (OGNL) expressions. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-2251"}, "references": [{"id": "CVE-2013-2251", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-2251"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Struts", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Apache", "vulnerabilityName": "Apache Struts Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "237de4c3-2f15-4414-af25-7ea9c72c6e04", "vulnerability": {"vulnId": "CVE-2017-12617", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "237de4c3-2f15-4414-af25-7ea9c72c6e04", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Tomcat Remote Code Execution Vulnerability | Affected: Apache / Tomcat | Description: When running Apache Tomcat, it is possible to upload a JSP file to the server via a specially crafted request. This JSP could then be requested and any code it contained would be executed by the server. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-12617"}, "references": [{"id": "CVE-2017-12617", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-12617"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Tomcat", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Apache", "vulnerabilityName": "Apache Tomcat Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "403adbde-9075-4067-9c9d-03e68036d40c", "vulnerability": {"vulnId": "CVE-2020-2021", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "403adbde-9075-4067-9c9d-03e68036d40c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability | Affected: Palo Alto Networks / PAN-OS | Description: Palo Alto Networks PAN-OS contains a vulnerability in SAML which allows an attacker to bypass authentication. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-2021"}, "references": [{"id": "CVE-2020-2021", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-2021"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-347"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PAN-OS", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Palo Alto Networks", "vulnerabilityName": "Palo Alto Networks PAN-OS Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "7e5ef2ef-e79e-4431-be33-4443bd8bbc7e", "vulnerability": {"vulnId": "CVE-2019-1003030", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "7e5ef2ef-e79e-4431-be33-4443bd8bbc7e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Jenkins Matrix Project Plugin Remote Code Execution Vulnerability | Affected: Jenkins / Matrix Project Plugin | Description: Jenkins Matrix Project plugin contains a vulnerability which can allow users to escape the sandbox, opening opportunity to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1003030"}, "references": [{"id": "CVE-2019-1003030", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1003030"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Matrix Project Plugin", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Jenkins", "vulnerabilityName": "Jenkins Matrix Project Plugin Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "85f20cf3-fe88-453c-b899-034653616275", "vulnerability": {"vulnId": "CVE-2014-6287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "85f20cf3-fe88-453c-b899-034653616275", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability | Affected: Rejetto / HTTP File Server (HFS) | Description: The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (HFS or HttpFileServer) allows remote attackers to execute arbitrary programs. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-6287"}, "references": [{"id": "CVE-2014-6287", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-6287"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "HTTP File Server (HFS)", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Rejetto", "vulnerabilityName": "Rejetto HTTP File Server (HFS) Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "baab3a50-db04-49f0-9b97-97b137233804", "vulnerability": {"vulnId": "CVE-2015-4068", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "baab3a50-db04-49f0-9b97-97b137233804", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability | Affected: Arcserve / Unified Data Protection (UDP) | Description: Directory traversal vulnerability in Arcserve UDP allows remote attackers to obtain sensitive information or cause a denial of service. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-4068"}, "references": [{"id": "CVE-2015-4068", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-4068"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Unified Data Protection (UDP)", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Arcserve", "vulnerabilityName": "Arcserve Unified Data Protection (UDP) Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6a02af8a-506c-4789-9f8a-00c2eae68ce7", "vulnerability": {"vulnId": "CVE-2016-7892", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "6a02af8a-506c-4789-9f8a-00c2eae68ce7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Use-After-Free Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player has an exploitable use-after-free vulnerability in the TextField class. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-7892"}, "references": [{"id": "CVE-2016-7892", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-7892"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4625c39b-89f4-40b0-a3c1-fabea1c1ea43", "vulnerability": {"vulnId": "CVE-2020-9377", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "4625c39b-89f4-40b0-a3c1-fabea1c1ea43", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DIR-610 Devices Remote Command Execution | Affected: D-Link / DIR-610 Devices | Description: D-Link DIR-610 devices allow remote code execution via the cmd parameter to command.php. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-9377"}, "references": [{"id": "CVE-2020-9377", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-9377"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DIR-610 Devices", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DIR-610 Devices Remote Command Execution", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "512d65d3-d470-4945-aaf3-ae286e760d71", "vulnerability": {"vulnId": "CVE-2022-26143", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "512d65d3-d470-4945-aaf3-ae286e760d71", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: MiCollab, MiVoice Business Express Access Control Vulnerability | Affected: Mitel / MiCollab, MiVoice Business Express | Description: A vulnerability has been identified in MiCollab and MiVoice Business Express that may allow a malicious actor to gain unauthorized access to sensitive information and services, cause performance degradations or a denial of service condition on the affected system. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-26143"}, "references": [{"id": "CVE-2022-26143", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-26143"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306", "CWE-406"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "MiCollab, MiVoice Business Express", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Mitel", "vulnerabilityName": "MiCollab, MiVoice Business Express Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ac19dab1-452d-4146-9bed-e6cd7f190110", "vulnerability": {"vulnId": "CVE-2018-8414", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "ac19dab1-452d-4146-9bed-e6cd7f190110", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Shell Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: A remote code execution vulnerability exists when the Windows Shell does not properly validate file paths. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-8414"}, "references": [{"id": "CVE-2018-8414", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8414"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Shell Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "00552c4f-8a25-4ca1-9437-933aff6e9c3c", "vulnerability": {"vulnId": "CVE-2019-0903", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "00552c4f-8a25-4ca1-9437-933aff6e9c3c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft GDI Remote Code Execution Vulnerability | Affected: Microsoft / Graphics Device Interface (GDI) | Description: A remote code execution vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in the memory. An attacker who successfully exploited this vulnerability could take control of the affected system. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-0903"}, "references": [{"id": "CVE-2019-0903", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0903"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Graphics Device Interface (GDI)", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft GDI Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "135b1fd5-4775-4f0d-9964-6f458281d32a", "vulnerability": {"vulnId": "CVE-2016-0752", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "135b1fd5-4775-4f0d-9964-6f458281d32a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Ruby on Rails Directory Traversal Vulnerability | Affected: Rails / Ruby on Rails | Description: Directory traversal vulnerability in Action View in Ruby on Rails allows remote attackers to read arbitrary files. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-0752"}, "references": [{"id": "CVE-2016-0752", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-0752"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Ruby on Rails", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Rails", "vulnerabilityName": "Ruby on Rails Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d6b1ccaf-92e2-42ec-9b90-748e571e6162", "vulnerability": {"vulnId": "CVE-2019-12989", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "d6b1ccaf-92e2-42ec-9b90-748e571e6162", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix SD-WAN and NetScaler SQL Injection Vulnerability | Affected: Citrix / SD-WAN and NetScaler | Description: Citrix SD-WAN and NetScaler SD-WAN allow SQL Injection. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-12989"}, "references": [{"id": "CVE-2019-12989", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-12989"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SD-WAN and NetScaler", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Citrix", "vulnerabilityName": "Citrix SD-WAN and NetScaler SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6faec9a4-f17a-47ea-9b67-c4681cc12f0e", "vulnerability": {"vulnId": "CVE-2009-0927", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "6faec9a4-f17a-47ea-9b67-c4681cc12f0e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability | Affected: Adobe / Reader and Acrobat | Description: Stack-based buffer overflow in Adobe Reader and Adobe Acrobat allows remote attackers to execute arbitrary code. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2009-0927"}, "references": [{"id": "CVE-2009-0927", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2009-0927"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Reader and Acrobat", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Reader and Adobe Acrobat Stack-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "16afbd10-3739-4639-988e-9a80ead4c3b8", "vulnerability": {"vulnId": "CVE-2019-10068", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "16afbd10-3739-4639-988e-9a80ead4c3b8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Kentico Xperience Deserialization of Untrusted Data Vulnerability | Affected: Kentico / Xperience | Description: Kentico contains a failure to validate security headers. This deserialization can lead to unauthenticated remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-10068"}, "references": [{"id": "CVE-2019-10068", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-10068"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Xperience", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Kentico", "vulnerabilityName": "Kentico Xperience Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "618c9c24-fa4c-4048-a54a-287f0aecaa56", "vulnerability": {"vulnId": "CVE-2020-2506", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "618c9c24-fa4c-4048-a54a-287f0aecaa56", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: QNAP Helpdesk Improper Access Control Vulnerability | Affected: QNAP Systems / Helpdesk | Description: QNAP Helpdesk contains an improper access control vulnerability which could allow an attacker to gain privileges or to read sensitive information. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-2506"}, "references": [{"id": "CVE-2020-2506", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-2506"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Helpdesk", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "QNAP Systems", "vulnerabilityName": "QNAP Helpdesk Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0f203b6a-dd26-4a6a-b501-8c7eebf03b61", "vulnerability": {"vulnId": "CVE-2016-10174", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "0f203b6a-dd26-4a6a-b501-8c7eebf03b61", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability | Affected: NETGEAR / WNR2000v5 Router | Description: The NETGEAR WNR2000v5 router contains a buffer overflow which can be exploited to achieve remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-10174"}, "references": [{"id": "CVE-2016-10174", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-10174"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WNR2000v5 Router", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "NETGEAR", "vulnerabilityName": "NETGEAR WNR2000v5 Router Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "835f6763-b3c7-442b-af7d-71a67a1e3eb8", "vulnerability": {"vulnId": "CVE-2015-1427", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "835f6763-b3c7-442b-af7d-71a67a1e3eb8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability | Affected: Elastic / Elasticsearch | Description: The Groovy scripting engine in Elasticsearch allows remote attackers to bypass the sandbox protection mechanism and execute arbitrary shell commands. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-1427"}, "references": [{"id": "CVE-2015-1427", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-1427"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Elasticsearch", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Elastic", "vulnerabilityName": "Elasticsearch Groovy Scripting Engine Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2e6c2430-6b4c-4d4f-9ca1-662d292b1921", "vulnerability": {"vulnId": "CVE-2018-0125", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "2e6c2430-6b4c-4d4f-9ca1-662d292b1921", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco VPN Routers Remote Code Execution Vulnerability | Affected: Cisco / VPN Routers | Description: A vulnerability in the web interface of the Cisco VPN Routers could allow an unauthenticated, remote attacker to execute arbitrary code as root and gain full control of an affected system. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0125"}, "references": [{"id": "CVE-2018-0125", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0125"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "VPN Routers", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Cisco", "vulnerabilityName": "Cisco VPN Routers Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e4a84b94-f775-433a-b6e2-ff2dcfd02c39", "vulnerability": {"vulnId": "CVE-2018-1273", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "e4a84b94-f775-433a-b6e2-ff2dcfd02c39", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware Tanzu Spring Data Commons Property Binder Vulnerability | Affected: VMware Tanzu / Spring Data Commons | Description: Spring Data Commons contains a property binder vulnerability which can allow an attacker to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-1273"}, "references": [{"id": "CVE-2018-1273", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-1273"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Spring Data Commons", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "VMware Tanzu", "vulnerabilityName": "VMware Tanzu Spring Data Commons Property Binder Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "c54f71c3-49d4-43db-8d6a-93018095347a", "vulnerability": {"vulnId": "CVE-2005-2773", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "c54f71c3-49d4-43db-8d6a-93018095347a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: HP OpenView Network Node Manager Remote Code Execution Vulnerability | Affected: Hewlett Packard (HP) / OpenView Network Node Manager | Description: HP OpenView Network Node Manager could allow a remote attacker to execute arbitrary commands on the system. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2005-2773"}, "references": [{"id": "CVE-2005-2773", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2005-2773"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "OpenView Network Node Manager", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Hewlett Packard (HP)", "vulnerabilityName": "HP OpenView Network Node Manager Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4db74789-53d4-43be-9604-ab5075475391", "vulnerability": {"vulnId": "CVE-2019-16920", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "4db74789-53d4-43be-9604-ab5075475391", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link Multiple Routers Command Injection Vulnerability | Affected: D-Link / Multiple Routers | Description: Multiple D-Link routers contain a command injection vulnerability which can allow attackers to achieve full system compromise. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-16920"}, "references": [{"id": "CVE-2019-16920", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-16920"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Routers", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "D-Link", "vulnerabilityName": "D-Link Multiple Routers Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "34ba385a-18d7-4061-8a48-1c7438419763", "vulnerability": {"vulnId": "CVE-2020-9054", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "34ba385a-18d7-4061-8a48-1c7438419763", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Zyxel Multiple NAS Devices OS Command Injection Vulnerability | Affected: Zyxel / Multiple Network-Attached Storage (NAS) Devices | Description: Multiple Zyxel network-attached storage (NAS) devices contain a pre-authentication command injection vulnerability, which may allow a remote, unauthenticated attacker to execute arbitrary code. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-9054"}, "references": [{"id": "CVE-2020-9054", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-9054"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Network-Attached Storage (NAS) Devices", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Zyxel", "vulnerabilityName": "Zyxel Multiple NAS Devices OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d5625ee1-5a9d-4948-a213-f0a11ede722c", "vulnerability": {"vulnId": "CVE-2016-4171", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "d5625ee1-5a9d-4948-a213-f0a11ede722c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Remote Code Execution Vulnerability | Affected: Adobe / Flash Player | Description: Unspecified vulnerability in Adobe Flash Player allows for remote code execution. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-4171"}, "references": [{"id": "CVE-2016-4171", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-4171"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "06bd45db-53b7-44ee-8ee3-89a95d3b4a39", "vulnerability": {"vulnId": "CVE-2014-0130", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "06bd45db-53b7-44ee-8ee3-89a95d3b4a39", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Ruby on Rails Directory Traversal Vulnerability | Affected: Rails / Ruby on Rails | Description: Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails allows remote attackers to read arbitrary files via a crafted request. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-0130"}, "references": [{"id": "CVE-2014-0130", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-0130"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Ruby on Rails", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Rails", "vulnerabilityName": "Ruby on Rails Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ff21fa49-83c3-4561-9678-df4206d079ea", "vulnerability": {"vulnId": "CVE-2019-6340", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "ff21fa49-83c3-4561-9678-df4206d079ea", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Drupal Core Remote Code Execution Vulnerability | Affected: Drupal / Core | Description: In Drupal Core, some field types do not properly sanitize data from non-form sources. This can lead to arbitrary PHP code execution in some cases. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-6340"}, "references": [{"id": "CVE-2019-6340", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-6340"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Core", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Drupal", "vulnerabilityName": "Drupal Core Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "13d51342-21a5-483d-8527-1abf0201fd60", "vulnerability": {"vulnId": "CVE-2009-2055", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "13d51342-21a5-483d-8527-1abf0201fd60", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability | Affected: Cisco / IOS XR | Description: Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2009-2055"}, "references": [{"id": "CVE-2009-2055", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2009-2055"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS XR", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ac6508e4-cb10-4568-b1d8-1a6b5afab497", "vulnerability": {"vulnId": "CVE-2019-2616", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "ac6508e4-cb10-4568-b1d8-1a6b5afab497", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle BI Publisher Unauthorized Access Vulnerability | Affected: Oracle / BI Publisher (Formerly XML Publisher) | Description: Oracle BI Publisher, formerly XML Publisher, contains an unspecified vulnerability that allows for various unauthorized actions. Open-source reporting attributes this vulnerability to allowing for authentication bypass. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-2616"}, "references": [{"id": "CVE-2019-2616", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-2616"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "BI Publisher (Formerly XML Publisher)", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Oracle", "vulnerabilityName": "Oracle BI Publisher Unauthorized Access Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e0b4854f-c895-4dc5-b1db-dbdd4a5dc7f0", "vulnerability": {"vulnId": "CVE-2021-42237", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "e0b4854f-c895-4dc5-b1db-dbdd4a5dc7f0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Sitecore XP Remote Command Execution Vulnerability | Affected: Sitecore / XP | Description: Sitecore XP contains an insecure deserialization vulnerability which can allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-42237"}, "references": [{"id": "CVE-2021-42237", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-42237"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "XP", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Sitecore", "vulnerabilityName": "Sitecore XP Remote Command Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "dc04a08a-752f-4a6d-b664-66a975d4b18f", "vulnerability": {"vulnId": "CVE-2015-0666", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "dc04a08a-752f-4a6d-b664-66a975d4b18f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability | Affected: Cisco / Prime Data Center Network Manager (DCNM) | Description: Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) allows remote attackers to read arbitrary files. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-0666"}, "references": [{"id": "CVE-2015-0666", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-0666"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Prime Data Center Network Manager (DCNM)", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Prime Data Center Network Manager (DCNM) Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5169ac72-33ad-4b94-b0b8-0ed1139f572a", "vulnerability": {"vulnId": "CVE-2013-5223", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "5169ac72-33ad-4b94-b0b8-0ed1139f572a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability | Affected: D-Link / DSL-2760U | Description: A cross-site scripting (XSS) vulnerability exists in the D-Link DSL-2760U gateway, allowing remote authenticated users to inject arbitrary web script or HTML. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-5223"}, "references": [{"id": "CVE-2013-5223", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-5223"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DSL-2760U", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DSL-2760U Gateway Cross-Site Scripting Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "cc3b53b8-d9e8-45cf-a8b9-2201de86e016", "vulnerability": {"vulnId": "CVE-2016-1555", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "cc3b53b8-d9e8-45cf-a8b9-2201de86e016", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: NETGEAR Multiple WAP Devices Command Injection Vulnerability | Affected: NETGEAR / Wireless Access Point (WAP) Devices | Description: Multiple NETGEAR Wireless Access Point devices allow unauthenticated web pages to pass form input directly to the command-line interface. Exploitation allows for arbitrary code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-1555"}, "references": [{"id": "CVE-2016-1555", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-1555"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Wireless Access Point (WAP) Devices", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "NETGEAR", "vulnerabilityName": "NETGEAR Multiple WAP Devices Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "36af45e3-130f-4576-9e11-3599be69c631", "vulnerability": {"vulnId": "CVE-2017-6334", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "36af45e3-130f-4576-9e11-3599be69c631", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: NETGEAR DGN2200 Devices OS Command Injection Vulnerability | Affected: NETGEAR / DGN2200 Devices | Description: dnslookup.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-6334"}, "references": [{"id": "CVE-2017-6334", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-6334"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DGN2200 Devices", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "NETGEAR", "vulnerabilityName": "NETGEAR DGN2200 Devices OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3f8d091b-2d24-4233-80f8-4430806092a8", "vulnerability": {"vulnId": "CVE-2010-4344", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "3f8d091b-2d24-4233-80f8-4430806092a8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Exim Heap-Based Buffer Overflow Vulnerability | Affected: Exim / Exim | Description: Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-4344"}, "references": [{"id": "CVE-2010-4344", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-4344"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exim", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Exim", "vulnerabilityName": "Exim Heap-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2ad979ea-9c27-4e62-88c2-feca91b5410a", "vulnerability": {"vulnId": "CVE-2018-6961", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "2ad979ea-9c27-4e62-88c2-feca91b5410a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability | Affected: VMware / SD-WAN Edge | Description: VMware SD-WAN Edge by VeloCloud contains a command injection vulnerability in the local web UI component. Successful exploitation of this issue could result in remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-6961"}, "references": [{"id": "CVE-2018-6961", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-6961"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SD-WAN Edge", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "VMware", "vulnerabilityName": "VMware SD-WAN Edge by VeloCloud Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a81be918-433d-4fc0-a3ea-1f40151c2efc", "vulnerability": {"vulnId": "CVE-2016-11021", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "a81be918-433d-4fc0-a3ea-1f40151c2efc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DCS-930L Devices OS Command Injection Vulnerability | Affected: D-Link / DCS-930L Devices | Description: setSystemCommand on D-Link DCS-930L devices allows a remote attacker to execute code via an OS command. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-11021"}, "references": [{"id": "CVE-2016-11021", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-11021"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DCS-930L Devices", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DCS-930L Devices OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "54c7f9b1-8660-4360-82f7-8a9d0f201afa", "vulnerability": {"vulnId": "CVE-2022-21999", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "54c7f9b1-8660-4360-82f7-8a9d0f201afa", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Print Spooler Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Print Spooler contains an unspecified vulnerability which can allow for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-21999"}, "references": [{"id": "CVE-2022-21999", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-21999"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-40", "CWE-1386"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Print Spooler Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "4bc62bd3-2494-46ac-822a-d700c0e1ca2d", "vulnerability": {"vulnId": "CVE-2010-4345", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "4bc62bd3-2494-46ac-822a-d700c0e1ca2d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Exim Privilege Escalation Vulnerability | Affected: Exim / Exim | Description: Exim allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate configuration file with a directive that contains arbitrary commands. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-4345"}, "references": [{"id": "CVE-2010-4345", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-4345"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exim", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Exim", "vulnerabilityName": "Exim Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4bd63a31-334e-4f1f-b2cb-b0bb1bc0b376", "vulnerability": {"vulnId": "CVE-2014-3120", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "4bd63a31-334e-4f1f-b2cb-b0bb1bc0b376", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Elasticsearch Remote Code Execution Vulnerability | Affected: Elastic / Elasticsearch | Description: Elasticsearch enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-3120"}, "references": [{"id": "CVE-2014-3120", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-3120"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Elasticsearch", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Elastic", "vulnerabilityName": "Elasticsearch Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e1fa3e09-5875-4799-bc9c-44c6605e8b52", "vulnerability": {"vulnId": "CVE-2019-11043", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "e1fa3e09-5875-4799-bc9c-44c6605e8b52", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability | Affected: PHP / FastCGI Process Manager (FPM) | Description: In some versions of PHP in certain configurations of FPM setup, it is possible to cause FPM module to write past allocated buffers allowing the possibility of remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-11043"}, "references": [{"id": "CVE-2019-11043", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-11043"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-120"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FastCGI Process Manager (FPM)", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "PHP", "vulnerabilityName": "PHP FastCGI Process Manager (FPM) Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "4e8ba21b-0c3e-4a36-a159-52dddf0796b0", "vulnerability": {"vulnId": "CVE-2020-25223", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "4e8ba21b-0c3e-4a36-a159-52dddf0796b0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Sophos SG UTM Remote Code Execution Vulnerability | Affected: Sophos / SG UTM | Description: A remote code execution vulnerability exists in the WebAdmin of Sophos SG UTM. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-25223"}, "references": [{"id": "CVE-2020-25223", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-25223"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SG UTM", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Sophos", "vulnerabilityName": "Sophos SG UTM Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "aabf762c-9f19-4366-b007-8c1576730d6c", "vulnerability": {"vulnId": "CVE-2018-0147", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "aabf762c-9f19-4366-b007-8c1576730d6c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Secure Access Control System Java Deserialization Vulnerability | Affected: Cisco / Secure Access Control System (ACS) | Description: A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. The vulnerability is due to insecure deserialization of user-supplied content by the affected software. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0147"}, "references": [{"id": "CVE-2018-0147", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0147"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Secure Access Control System (ACS)", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Secure Access Control System Java Deserialization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "aa3ecbe8-4146-4d5e-a1e7-fbf73d2fc062", "vulnerability": {"vulnId": "CVE-2014-6332", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "aa3ecbe8-4146-4d5e-a1e7-fbf73d2fc062", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: OleAut32.dll in OLE in Microsoft Windows allows remote attackers to remotely execute code via a crafted web site. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-6332"}, "references": [{"id": "CVE-2014-6332", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-6332"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Object Linking & Embedding (OLE) Automation Array Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8899911e-3ade-4596-bc08-985563425964", "vulnerability": {"vulnId": "CVE-2017-3881", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "8899911e-3ade-4596-bc08-985563425964", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS and IOS XE Remote Code Execution Vulnerability | Affected: Cisco / IOS and IOS XE | Description: A vulnerability in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a reload of an affected device or remotely execute code with elevated privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-3881"}, "references": [{"id": "CVE-2017-3881", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-3881"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS and IOS XE Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e26523b6-41c6-4e7e-bd3b-a49369c44066", "vulnerability": {"vulnId": "CVE-2012-1823", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "e26523b6-41c6-4e7e-bd3b-a49369c44066", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: PHP-CGI Query String Parameter Vulnerability | Affected: PHP / PHP | Description: sapi/cgi/cgi_main.c in PHP, when configured as a CGI script, does not properly handle query strings, which allows remote attackers to execute arbitrary code. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-1823"}, "references": [{"id": "CVE-2012-1823", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-1823"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PHP", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "PHP", "vulnerabilityName": "PHP-CGI Query String Parameter Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "843e1d1e-e585-428c-939e-26bf6f59d828", "vulnerability": {"vulnId": "CVE-2017-6316", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "843e1d1e-e585-428c-939e-26bf6f59d828", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix Multiple Products Remote Code Execution Vulnerability | Affected: Citrix / NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server | Description: A vulnerability has been identified in the management interface of Citrix NetScaler SD-WAN Enterprise and Standard Edition and Citrix CloudBridge Virtual WAN Edition that could result in an unauthenticated, remote attacker being able to execute arbitrary code as a root user. This vulnerability also affects XenMobile Server. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-6316"}, "references": [{"id": "CVE-2017-6316", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-6316"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetScaler SD-WAN Enterprise, CloudBridge Virtual WAN, and XenMobile Server", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Citrix", "vulnerabilityName": "Citrix Multiple Products Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c2636288-b86a-46e4-97e4-e754ceac8ab1", "vulnerability": {"vulnId": "CVE-2019-12991", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "c2636288-b86a-46e4-97e4-e754ceac8ab1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix SD-WAN and NetScaler Command Injection Vulnerability | Affected: Citrix / SD-WAN and NetScaler | Description: Authenticated Command Injection in Citrix SD-WAN Appliance and NetScaler SD-WAN Appliance. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-12991"}, "references": [{"id": "CVE-2019-12991", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-12991"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SD-WAN and NetScaler", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Citrix", "vulnerabilityName": "Citrix SD-WAN and NetScaler Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4349daba-86f2-47b8-abe1-0d7a317403c5", "vulnerability": {"vulnId": "CVE-2013-4810", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "4349daba-86f2-47b8-abe1-0d7a317403c5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: HP Multiple Products Remote Code Execution Vulnerability | Affected: Hewlett Packard (HP) / ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management | Description: HP ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management allow remote attackers to execute arbitrary code via a marshalled object to (1) EJBInvokerServlet or (2) JMXInvokerServlet. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-4810"}, "references": [{"id": "CVE-2013-4810", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-4810"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ProCurve Manager (PCM), PCM+, Identity Driven Manager (IDM), and Application Lifecycle Management", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Hewlett Packard (HP)", "vulnerabilityName": "HP Multiple Products Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "82db75b3-6cd5-42d5-8225-9acacda3d549", "vulnerability": {"vulnId": "CVE-2021-22941", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "82db75b3-6cd5-42d5-8225-9acacda3d549", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix ShareFile Improper Access Control Vulnerability | Affected: Citrix / ShareFile | Description: Improper Access Control in Citrix ShareFile storage zones controller may allow an unauthenticated attacker to remotely compromise the storage zones controller. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-22941"}, "references": [{"id": "CVE-2021-22941", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22941"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ShareFile", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Citrix", "vulnerabilityName": "Citrix ShareFile Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "b04bfddd-5c71-4fdb-9c45-b125c3e96403", "vulnerability": {"vulnId": "CVE-2020-1631", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "b04bfddd-5c71-4fdb-9c45-b125c3e96403", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Juniper Junos OS Path Traversal Vulnerability | Affected: Juniper / Junos OS | Description: A path traversal vulnerability in the HTTP/HTTPS service used by J-Web, Web Authentication, Dynamic-VPN (DVPN), Firewall Authentication Pass-Through with Web-Redirect, and Zero Touch Provisioning (ZTP) allows an unauthenticated attacker to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-1631"}, "references": [{"id": "CVE-2020-1631", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-1631"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22", "CWE-73"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Junos OS", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Juniper", "vulnerabilityName": "Juniper Junos OS Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "aacfbca5-56f0-4988-bfd9-50baad209bb2", "vulnerability": {"vulnId": "CVE-2020-1956", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "aacfbca5-56f0-4988-bfd9-50baad209bb2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Kylin OS Command Injection Vulnerability | Affected: Apache / Kylin | Description: Apache Kylin contains an OS command injection vulnerability which could permit an attacker to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-1956"}, "references": [{"id": "CVE-2020-1956", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-1956"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kylin", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Apache", "vulnerabilityName": "Apache Kylin OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "511b5b56-1c11-46f4-9f9c-40ba30f63591", "vulnerability": {"vulnId": "CVE-2020-5410", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "511b5b56-1c11-46f4-9f9c-40ba30f63591", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability | Affected: VMware Tanzu / Spring Cloud Configuration (Config) Server | Description: Spring, by VMware Tanzu, Cloud Config contains a path traversal vulnerability that allows applications to serve arbitrary configuration files. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-5410"}, "references": [{"id": "CVE-2020-5410", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-5410"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-23"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Spring Cloud Configuration (Config) Server", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "VMware Tanzu", "vulnerabilityName": "VMware Tanzu Spring Cloud Config Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e3423649-9a58-4653-8389-4009ce7d6d43", "vulnerability": {"vulnId": "CVE-2020-7247", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "e3423649-9a58-4653-8389-4009ce7d6d43", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: OpenSMTPD Remote Code Execution Vulnerability | Affected: OpenBSD / OpenSMTPD | Description: smtp_mailaddr in smtp_session.c in OpenSMTPD, as used in OpenBSD and other products, allows remote attackers to execute arbitrary commands as root via a crafted SMTP session. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-7247"}, "references": [{"id": "CVE-2020-7247", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-7247"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-755", "CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "OpenSMTPD", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "OpenBSD", "vulnerabilityName": "OpenSMTPD Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3dd104b4-1ea0-4ff5-9748-834388a700fd", "vulnerability": {"vulnId": "CVE-2018-8373", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "3dd104b4-1ea0-4ff5-9748-834388a700fd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Scripting Engine Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer Scripting Engine | Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-8373"}, "references": [{"id": "CVE-2018-8373", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8373"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer Scripting Engine", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Scripting Engine Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "047a5a3a-1e06-4782-af4c-ad78daba8aa0", "vulnerability": {"vulnId": "CVE-2018-11138", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "047a5a3a-1e06-4782-af4c-ad78daba8aa0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Quest KACE System Management Appliance Remote Command Execution Vulnerability | Affected: Quest / KACE System Management Appliance | Description: The '/common/download_agent_installer.php' script in the Quest KACE System Management Appliance is accessible by anonymous users and can be abused to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-11138"}, "references": [{"id": "CVE-2018-11138", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-11138"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "KACE System Management Appliance", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Quest", "vulnerabilityName": "Quest KACE System Management Appliance Remote Command Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "2da655fd-b4ab-4d24-a230-2944c0e31735", "vulnerability": {"vulnId": "CVE-2015-1187", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "2da655fd-b4ab-4d24-a230-2944c0e31735", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability | Affected: D-Link and TRENDnet / Multiple Devices | Description: The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to perform remote code execution. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-1187"}, "references": [{"id": "CVE-2015-1187", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-1187"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Devices", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "D-Link and TRENDnet", "vulnerabilityName": "D-Link and TRENDnet Multiple Devices Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7159fcab-1f68-4a61-9d7a-cb7d51c5a66d", "vulnerability": {"vulnId": "CVE-2009-1151", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "7159fcab-1f68-4a61-9d7a-cb7d51c5a66d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: phpMyAdmin Remote Code Execution Vulnerability | Affected: phpMyAdmin / phpMyAdmin | Description: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2009-1151"}, "references": [{"id": "CVE-2009-1151", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2009-1151"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "phpMyAdmin", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "phpMyAdmin", "vulnerabilityName": "phpMyAdmin Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "220c0cc3-7b16-43ae-94f6-864c60f1398a", "vulnerability": {"vulnId": "CVE-2019-15107", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "220c0cc3-7b16-43ae-94f6-864c60f1398a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Webmin Command Injection Vulnerability | Affected: Webmin / Webmin | Description: An issue was discovered in Webmin. The parameter old in password_change.cgi contains a command injection vulnerability. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-15107"}, "references": [{"id": "CVE-2019-15107", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-15107"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Webmin", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Webmin", "vulnerabilityName": "Webmin Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "233c082e-e518-4d0c-a491-f04473e6f97b", "vulnerability": {"vulnId": "CVE-2015-3035", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "233c082e-e518-4d0c-a491-f04473e6f97b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: TP-Link Multiple Archer Devices Directory Traversal Vulnerability | Affected: TP-Link / Multiple Archer Devices | Description: Directory traversal vulnerability in multiple TP-Link Archer devices allows remote attackers to read arbitrary files via a .. (dot dot) in the PATH_INFO to login/. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-3035"}, "references": [{"id": "CVE-2015-3035", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-3035"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Archer Devices", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "TP-Link", "vulnerabilityName": "TP-Link Multiple Archer Devices Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b2824eff-784d-406e-8746-dd8b34fbf7df", "vulnerability": {"vulnId": "CVE-2010-3035", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "b2824eff-784d-406e-8746-dd8b34fbf7df", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability | Affected: Cisco / IOS XR | Description: Cisco IOS XR, when BGP is the configured routing feature, allows remote attackers to cause a denial-of-service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-3035"}, "references": [{"id": "CVE-2010-3035", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-3035"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS XR", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS XR Border Gateway Protocol (BGP) Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3254e210-422f-468b-a9f3-72ec8d6a9f83", "vulnerability": {"vulnId": "CVE-2022-26318", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-25T00:00:00+00:00"}, "gcve": {"object_uuid": "3254e210-422f-468b-a9f3-72ec8d6a9f83", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-25T00:00:00Z"}, "scope": {"notes": "KEV entry: WatchGuard Firebox and XTM Appliances Arbitrary Code Execution | Affected: WatchGuard / Firebox and XTM Appliances | Description: On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-26318"}, "references": [{"id": "CVE-2022-26318", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-26318"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firebox and XTM Appliances", "due_date": "2022-04-15", "date_added": "2022-03-25", "vendorProject": "WatchGuard", "vulnerabilityName": "WatchGuard Firebox and XTM Appliances Arbitrary Code Execution", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e0327e22-2882-4bfd-85db-e7c7ad69e738", "vulnerability": {"vulnId": "CVE-2019-1405", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "e0327e22-2882-4bfd-85db-e7c7ad69e738", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: A privilege escalation vulnerability exists when the Windows UPnP service improperly allows COM object creation. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1405"}, "references": [{"id": "CVE-2019-1405", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1405"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-05", "date_added": "2022-03-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Universal Plug and Play (UPnP) Service Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "3c9f4ee5-73f3-4f61-88d5-b1b228b6777d", "vulnerability": {"vulnId": "CVE-2019-1064", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "3c9f4ee5-73f3-4f61-88d5-b1b228b6777d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1064"}, "references": [{"id": "CVE-2019-1064", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1064"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-59"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-05", "date_added": "2022-03-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "53a345f5-c6f4-4bff-8d7c-506e6092cd79", "vulnerability": {"vulnId": "CVE-2019-0543", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "53a345f5-c6f4-4bff-8d7c-506e6092cd79", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-0543"}, "references": [{"id": "CVE-2019-0543", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0543"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-05", "date_added": "2022-03-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "766440e7-e1ae-493b-92ec-bc6703340b15", "vulnerability": {"vulnId": "CVE-2015-2546", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "766440e7-e1ae-493b-92ec-bc6703340b15", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Memory Corruption Vulnerability | Affected: Microsoft / Win32k | Description: The kernel-mode driver in Microsoft Windows OS and Server allows local users to gain privileges via a crafted application. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-2546"}, "references": [{"id": "CVE-2015-2546", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-2546"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-04-05", "date_added": "2022-03-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "2414f3bd-1e66-4eb4-9ab2-8c89c9e45def", "vulnerability": {"vulnId": "CVE-2020-5135", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "2414f3bd-1e66-4eb4-9ab2-8c89c9e45def", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-15T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall SonicOS Buffer Overflow Vulnerability | Affected: SonicWall / SonicOS | Description: A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a malicious request to the firewall. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-5135"}, "references": [{"id": "CVE-2020-5135", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-5135"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-120"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SonicOS", "due_date": "2022-04-05", "date_added": "2022-03-15", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall SonicOS Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0244a0b7-7eee-41b9-a8a5-a4a0c70e0e55", "vulnerability": {"vulnId": "CVE-2019-1253", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "0244a0b7-7eee-41b9-a8a5-a4a0c70e0e55", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: A privilege escalation vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1253"}, "references": [{"id": "CVE-2019-1253", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1253"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-59"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-05", "date_added": "2022-03-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows AppX Deployment Server Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "858f7ee4-21c1-4d43-88b8-eb45371fa599", "vulnerability": {"vulnId": "CVE-2019-1129", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "858f7ee4-21c1-4d43-88b8-eb45371fa599", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1129"}, "references": [{"id": "CVE-2019-1129", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1129"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-59"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-05", "date_added": "2022-03-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "59f6406d-a255-4e62-bf93-0d87379618b5", "vulnerability": {"vulnId": "CVE-2019-1069", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "59f6406d-a255-4e62-bf93-0d87379618b5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Task Scheduler Privilege Escalation Vulnerability | Affected: Microsoft / Task Scheduler | Description: A privilege escalation vulnerability exists in the way the Task Scheduler Service validates certain file operations. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1069"}, "references": [{"id": "CVE-2019-1069", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1069"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-59"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Task Scheduler", "due_date": "2022-04-05", "date_added": "2022-03-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Task Scheduler Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "4da15750-30de-4a99-9909-22faf04c9c42", "vulnerability": {"vulnId": "CVE-2019-1132", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "4da15750-30de-4a99-9909-22faf04c9c42", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-05 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1132"}, "references": [{"id": "CVE-2019-1132", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1132"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-04-05", "date_added": "2022-03-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "94d80b23-8839-4473-8b68-20cf9d837d11", "vulnerability": {"vulnId": "CVE-2017-0101", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "94d80b23-8839-4473-8b68-20cf9d837d11", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Transaction Manager Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: A privilege escalation vulnerability exists when the Windows Transaction Manager improperly handles objects in memory. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0101"}, "references": [{"id": "CVE-2017-0101", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0101"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-05", "date_added": "2022-03-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Transaction Manager Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "50426b7b-c26f-4856-b7f1-a705b31d2b9e", "vulnerability": {"vulnId": "CVE-2019-0841", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "50426b7b-c26f-4856-b7f1-a705b31d2b9e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: A privilege escalation vulnerability exists when Windows AppXSVC improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-0841"}, "references": [{"id": "CVE-2019-0841", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0841"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-59"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-05", "date_added": "2022-03-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows AppX Deployment Service (AppXSVC) Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "7ebed6ff-5534-46c8-8fcc-3e21f36ef3aa", "vulnerability": {"vulnId": "CVE-2019-1315", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "7ebed6ff-5534-46c8-8fcc-3e21f36ef3aa", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: A privilege escalation vulnerability exists when Windows Error Reporting manager improperly handles hard links. An attacker who successfully exploited this vulnerability could overwrite a targeted file leading to an elevated status. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1315"}, "references": [{"id": "CVE-2019-1315", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1315"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-59"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-05", "date_added": "2022-03-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Error Reporting Manager Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "7d1e754a-3c5e-4af9-9573-298a747f6d75", "vulnerability": {"vulnId": "CVE-2019-1322", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "7d1e754a-3c5e-4af9-9573-298a747f6d75", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: A privilege escalation vulnerability exists when Windows improperly handles authentication requests. An attacker who successfully exploited this vulnerability could run processes in an elevated context. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1322"}, "references": [{"id": "CVE-2019-1322", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1322"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-05", "date_added": "2022-03-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "17298b2a-bc68-48f1-9ee0-8c12da77d392", "vulnerability": {"vulnId": "CVE-2016-3309", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "17298b2a-bc68-48f1-9ee0-8c12da77d392", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Kernel Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: A privilege escalation vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-3309"}, "references": [{"id": "CVE-2016-3309", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-3309"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-04-05", "date_added": "2022-03-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "27f38bfe-f0ae-4e0d-90ef-629d3fc2b650", "vulnerability": {"vulnId": "CVE-2018-8120", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-15T00:00:00+00:00"}, "gcve": {"object_uuid": "27f38bfe-f0ae-4e0d-90ef-629d3fc2b650", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. | Required action: Apply updates per vendor instructions. | Due date: 2022-04-05 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-8120"}, "references": [{"id": "CVE-2018-8120", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8120"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-404"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-04-05", "date_added": "2022-03-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "5e8295a0-5b05-41bc-9fcc-0289f585190c", "vulnerability": {"vulnId": "CVE-2022-26485", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "5e8295a0-5b05-41bc-9fcc-0289f585190c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Mozilla Firefox Use-After-Free Vulnerability | Affected: Mozilla / Firefox | Description: Mozilla Firefox contains a use-after-free vulnerability in XSLT parameter processing which can be exploited to perform arbitrary code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-26485"}, "references": [{"id": "CVE-2022-26485", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-26485"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firefox", "due_date": "2022-03-21", "date_added": "2022-03-07", "vendorProject": "Mozilla", "vulnerabilityName": "Mozilla Firefox Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "28256d15-2392-41c2-a3cd-06012e9c7a7a", "vulnerability": {"vulnId": "CVE-2020-8218", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "28256d15-2392-41c2-a3cd-06012e9c7a7a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Pulse Connect Secure Code Injection Vulnerability | Affected: Pulse Secure / Pulse Connect Secure | Description: A code injection vulnerability exists in Pulse Connect Secure that allows an attacker to craft a URI to perform arbitrary code execution via the admin web interface. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-8218"}, "references": [{"id": "CVE-2020-8218", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8218"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Pulse Connect Secure", "due_date": "2022-09-07", "date_added": "2022-03-07", "vendorProject": "Pulse Secure", "vulnerabilityName": "Pulse Connect Secure Code Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "cef0216d-ee00-4b82-ba5b-87a07ae5c78c", "vulnerability": {"vulnId": "CVE-2021-21973", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "cef0216d-ee00-4b82-ba5b-87a07ae5c78c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-07T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability | Affected: VMware / vCenter Server and Cloud Foundation | Description: VMware vCenter Server and Cloud Foundation Server contain a SSRF vulnerability due to improper validation of URLs in a vCenter Server plugin. This allows for information disclosure. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-21973"}, "references": [{"id": "CVE-2021-21973", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-21973"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vCenter Server and Cloud Foundation", "due_date": "2022-03-21", "date_added": "2022-03-07", "vendorProject": "VMware", "vulnerabilityName": "VMware vCenter Server and Cloud Foundation Server Side Request Forgery (SSRF) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e1f8a9cc-3101-44b7-b24f-696f01f4a038", "vulnerability": {"vulnId": "CVE-2013-0629", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "e1f8a9cc-3101-44b7-b24f-696f01f4a038", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe ColdFusion Directory Traversal Vulnerability | Affected: Adobe / ColdFusion | Description: Adobe Coldfusion contains a directory traversal vulnerability, which could permit an unauthorized user access to restricted directories. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-0629"}, "references": [{"id": "CVE-2013-0629", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-0629"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ColdFusion", "due_date": "2022-09-07", "date_added": "2022-03-07", "vendorProject": "Adobe", "vulnerabilityName": "Adobe ColdFusion Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "65773ff9-672a-4afb-8ef2-2f209dda9cfc", "vulnerability": {"vulnId": "CVE-2013-0631", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "65773ff9-672a-4afb-8ef2-2f209dda9cfc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe ColdFusion Information Disclosure Vulnerability | Affected: Adobe / ColdFusion | Description: Adobe Coldfusion contains an unspecified vulnerability, which could result in information disclosure from a compromised server. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-0631"}, "references": [{"id": "CVE-2013-0631", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-0631"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ColdFusion", "due_date": "2022-09-07", "date_added": "2022-03-07", "vendorProject": "Adobe", "vulnerabilityName": "Adobe ColdFusion Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ebe90605-465c-40a7-9cc7-2f69d3c7baf6", "vulnerability": {"vulnId": "CVE-2013-0625", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "ebe90605-465c-40a7-9cc7-2f69d3c7baf6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe ColdFusion Authentication Bypass Vulnerability | Affected: Adobe / ColdFusion | Description: Adobe Coldfusion contains an authentication bypass vulnerability, which could result in an unauthorized user gaining administrative access. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-0625"}, "references": [{"id": "CVE-2013-0625", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-0625"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-255"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ColdFusion", "due_date": "2022-09-07", "date_added": "2022-03-07", "vendorProject": "Adobe", "vulnerabilityName": "Adobe ColdFusion Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5ebdca71-ae6a-480c-972d-81c2edfff058", "vulnerability": {"vulnId": "CVE-2009-3960", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "5ebdca71-ae6a-480c-972d-81c2edfff058", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe BlazeDS Information Disclosure Vulnerability | Affected: Adobe / BlazeDS | Description: Adobe BlazeDS, which is utilized in LifeCycle and Coldfusion, contains a vulnerability that allows for information disclosure. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-07 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2009-3960"}, "references": [{"id": "CVE-2009-3960", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2009-3960"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "BlazeDS", "due_date": "2022-09-07", "date_added": "2022-03-07", "vendorProject": "Adobe", "vulnerabilityName": "Adobe BlazeDS Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "ddff2a1c-c542-4528-b90d-8883ef68bf07", "vulnerability": {"vulnId": "CVE-2019-11581", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "ddff2a1c-c542-4528-b90d-8883ef68bf07", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability | Affected: Atlassian / Jira Server and Data Center | Description: Atlassian Jira Server and Data Center contain a server-side template injection vulnerability which can allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-11581"}, "references": [{"id": "CVE-2019-11581", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-11581"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-74"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Jira Server and Data Center", "due_date": "2022-09-07", "date_added": "2022-03-07", "vendorProject": "Atlassian", "vulnerabilityName": "Atlassian Jira Server and Data Center Server-Side Template Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3076fa1a-c9cf-4c56-b272-205ad1fc7e69", "vulnerability": {"vulnId": "CVE-2016-6277", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "3076fa1a-c9cf-4c56-b272-205ad1fc7e69", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-07T00:00:00Z"}, "scope": {"notes": "KEV entry: NETGEAR Multiple Routers Remote Code Execution Vulnerability | Affected: NETGEAR / Multiple Routers | Description: NETGEAR confirmed multiple routers allow unauthenticated web pages to pass form input directly to the command-line interface, permitting remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-6277"}, "references": [{"id": "CVE-2016-6277", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-6277"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-352"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Routers", "due_date": "2022-09-07", "date_added": "2022-03-07", "vendorProject": "NETGEAR", "vulnerabilityName": "NETGEAR Multiple Routers Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c5376e9e-494b-4716-baca-0eb64d393066", "vulnerability": {"vulnId": "CVE-2022-26486", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "c5376e9e-494b-4716-baca-0eb64d393066", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-07T00:00:00Z"}, "scope": {"notes": "KEV entry: Mozilla Firefox Use-After-Free Vulnerability | Affected: Mozilla / Firefox | Description: Mozilla Firefox contains a use-after-free vulnerability in WebGPU IPC Framework which can be exploited to perform arbitrary code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-26486"}, "references": [{"id": "CVE-2022-26486", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-26486"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firefox", "due_date": "2022-03-21", "date_added": "2022-03-07", "vendorProject": "Mozilla", "vulnerabilityName": "Mozilla Firefox Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b87458e2-210e-47fd-925c-81d2d656c57b", "vulnerability": {"vulnId": "CVE-2017-6077", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-07T00:00:00+00:00"}, "gcve": {"object_uuid": "b87458e2-210e-47fd-925c-81d2d656c57b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-07T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-07T00:00:00Z"}, "scope": {"notes": "KEV entry: NETGEAR DGN2200 Remote Code Execution Vulnerability | Affected: NETGEAR / Wireless Router DGN2200 | Description: NETGEAR DGN2200 wireless routers contain a vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-09-07 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-6077"}, "references": [{"id": "CVE-2017-6077", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-6077"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Wireless Router DGN2200", "due_date": "2022-09-07", "date_added": "2022-03-07", "vendorProject": "NETGEAR", "vulnerabilityName": "NETGEAR DGN2200 Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "28b70e5e-8c50-4651-8c3e-e869f1e07308", "vulnerability": {"vulnId": "CVE-2022-20708", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "28b70e5e-8c50-4651-8c3e-e869f1e07308", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | Affected: Cisco / Small Business RV160, RV260, RV340, and RV345 Series Routers | Description: A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-20708"}, "references": [{"id": "CVE-2022-20708", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-20708"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-121"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Small Business RV160, RV260, RV340, and RV345 Series Routers", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "70cb61ae-53df-49ac-bf55-a5f193754abe", "vulnerability": {"vulnId": "CVE-2013-0641", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "70cb61ae-53df-49ac-bf55-a5f193754abe", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Reader Buffer Overflow Vulnerability | Affected: Adobe / Reader | Description: A buffer overflow vulnerability exists in Adobe Reader which allows an attacker to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-0641"}, "references": [{"id": "CVE-2013-0641", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-0641"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-120"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Reader", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Reader Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "def36fc6-599e-40ef-91c8-42ad55078071", "vulnerability": {"vulnId": "CVE-2017-6627", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "def36fc6-599e-40ef-91c8-42ad55078071", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability | Affected: Cisco / IOS and IOS XE Software | Description: A vulnerability in the UDP processing code of Cisco IOS and IOS XE could allow an unauthenticated, remote attacker to cause the input queue of an affected system to hold UDP packets, causing an interface queue wedge and denial of service. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-6627"}, "references": [{"id": "CVE-2017-6627", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-6627"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-399"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE Software", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS Software and Cisco IOS XE Software UDP Packet Processing Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a7e78b72-353c-44cc-891c-8a49b5992c92", "vulnerability": {"vulnId": "CVE-2012-4681", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a7e78b72-353c-44cc-891c-8a49b5992c92", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability | Affected: Oracle / Java SE | Description: The Java Runtime Environment (JRE) component in Oracle Java SE allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-4681"}, "references": [{"id": "CVE-2012-4681", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-4681"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Java SE", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "397d6200-67e6-4d4e-b372-5b5d8c6332fe", "vulnerability": {"vulnId": "CVE-2020-11899", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "397d6200-67e6-4d4e-b372-5b5d8c6332fe", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Treck TCP/IP stack Out-of-Bounds Read Vulnerability | Affected: Treck TCP/IP stack / IPv6 | Description: The Treck TCP/IP stack contains an IPv6 out-of-bounds read vulnerability. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-11899"}, "references": [{"id": "CVE-2020-11899", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-11899"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-125"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IPv6", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Treck TCP/IP stack", "vulnerabilityName": "Treck TCP/IP stack Out-of-Bounds Read Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "dcfe1baa-b637-4b9b-9c9b-eaa21c4307ab", "vulnerability": {"vulnId": "CVE-2022-20703", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "dcfe1baa-b637-4b9b-9c9b-eaa21c4307ab", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | Affected: Cisco / Small Business RV160, RV260, RV340, and RV345 Series Routers | Description: A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-20703"}, "references": [{"id": "CVE-2022-20703", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-20703"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-347"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Small Business RV160, RV260, RV340, and RV345 Series Routers", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9a1f51cb-3217-41ac-8ed6-303984ebfc95", "vulnerability": {"vulnId": "CVE-2011-1889", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9a1f51cb-3217-41ac-8ed6-303984ebfc95", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Forefront TMG Remote Code Execution Vulnerability | Affected: Microsoft / Forefront Threat Management Gateway (TMG) | Description: A remote code execution vulnerability exists in the Forefront Threat Management Gateway (TMG) Firewall Client Winsock provider that could allow code execution in the security context of the client application. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2011-1889"}, "references": [{"id": "CVE-2011-1889", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2011-1889"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Forefront Threat Management Gateway (TMG)", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Forefront TMG Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1128272a-1c30-4c3f-a40b-2008eee9cecb", "vulnerability": {"vulnId": "CVE-2022-20701", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1128272a-1c30-4c3f-a40b-2008eee9cecb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | Affected: Cisco / Small Business RV160, RV260, RV340, and RV345 Series Routers | Description: A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-20701"}, "references": [{"id": "CVE-2022-20701", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-20701"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-121"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Small Business RV160, RV260, RV340, and RV345 Series Routers", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "339f8347-5a06-46fe-b296-e69fecc43f35", "vulnerability": {"vulnId": "CVE-2016-7855", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "339f8347-5a06-46fe-b296-e69fecc43f35", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Use-After-Free Vulnerability | Affected: Adobe / Flash Player | Description: Use-after-free vulnerability in Adobe Flash Player Windows and OS and Linux allows remote attackers to execute arbitrary code. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-7855"}, "references": [{"id": "CVE-2016-7855", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-7855"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e1993c71-a1b5-49fe-99cf-66f485f81433", "vulnerability": {"vulnId": "CVE-2014-4114", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e1993c71-a1b5-49fe-99cf-66f485f81433", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: A vulnerability exists in Windows Object Linking & Embedding (OLE) that could allow remote code execution if a user opens a file that contains a specially crafted OLE object. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-4114"}, "references": [{"id": "CVE-2014-4114", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-4114"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Object Linking & Embedding (OLE) Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "dbf7823b-6ce0-4bff-8001-902f00f9a7dc", "vulnerability": {"vulnId": "CVE-2014-0496", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "dbf7823b-6ce0-4bff-8001-902f00f9a7dc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Reader and Acrobat Use-After-Free Vulnerability | Affected: Adobe / Reader and Acrobat | Description: Adobe Reader and Acrobat contain a use-after-free vulnerability which can allow for code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-0496"}, "references": [{"id": "CVE-2014-0496", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-0496"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-399"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Reader and Acrobat", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Reader and Acrobat Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e25c322d-979f-4ef0-a730-7525970c1923", "vulnerability": {"vulnId": "CVE-2015-3043", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e25c322d-979f-4ef0-a730-7525970c1923", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Memory Corruption Vulnerability | Affected: Adobe / Flash Player | Description: A memory corruption vulnerability exists in Adobe Flash Player that allows an attacker to perform remote code execution. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-3043"}, "references": [{"id": "CVE-2015-3043", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-3043"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5938d436-f4f4-4e9d-a773-cb13aaf83e3e", "vulnerability": {"vulnId": "CVE-2017-12235", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5938d436-f4f4-4e9d-a773-cb13aaf83e3e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability | Affected: Cisco / IOS software | Description: A vulnerability in the implementation of the PROFINET Discovery and Configuration Protocol (PN-DCP) for Cisco IOS could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-12235"}, "references": [{"id": "CVE-2017-12235", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-12235"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS software", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS Software for Cisco Industrial Ethernet Switches PROFINET Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "01d177ed-a949-4b34-8f48-9444e4748db7", "vulnerability": {"vulnId": "CVE-2019-1297", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "01d177ed-a949-4b34-8f48-9444e4748db7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Excel Remote Code Execution Vulnerability | Affected: Microsoft / Excel | Description: A remote code execution vulnerability exists in Microsoft Excel when the software fails to properly handle objects in memory. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1297"}, "references": [{"id": "CVE-2019-1297", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1297"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Excel", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Excel Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "32772198-5f2d-4316-b706-0f9f7a9488bc", "vulnerability": {"vulnId": "CVE-2011-0611", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "32772198-5f2d-4316-b706-0f9f7a9488bc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Remote Code Execution Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player contains a vulnerability that allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted Flash content. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2011-0611"}, "references": [{"id": "CVE-2011-0611", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2011-0611"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7af0d563-8331-4a35-8edc-7730d9ba2d61", "vulnerability": {"vulnId": "CVE-2017-0261", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7af0d563-8331-4a35-8edc-7730d9ba2d61", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Use-After-Free Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office contains a use-after-free vulnerability which can allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0261"}, "references": [{"id": "CVE-2017-0261", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0261"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e43ad054-a927-4f88-b6aa-ec9762c0bb9b", "vulnerability": {"vulnId": "CVE-2015-7645", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e43ad054-a927-4f88-b6aa-ec9762c0bb9b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Arbitrary Code Execution Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player allows remote attackers to execute arbitrary code via a crafted SWF file. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-7645"}, "references": [{"id": "CVE-2015-7645", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-7645"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Arbitrary Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "e4652380-1e4c-49c2-b3cc-7dedc133ae38", "vulnerability": {"vulnId": "CVE-2018-8298", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e4652380-1e4c-49c2-b3cc-7dedc133ae38", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: ChakraCore Scripting Engine Type Confusion Vulnerability | Affected: ChakraCore / ChakraCore scripting engine | Description: The ChakraCore scripting engine contains a type confusion vulnerability which can allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-8298"}, "references": [{"id": "CVE-2018-8298", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8298"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ChakraCore scripting engine", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "ChakraCore", "vulnerabilityName": "ChakraCore Scripting Engine Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "dc35b5c3-ef38-4d15-a0f7-40d39ac89b22", "vulnerability": {"vulnId": "CVE-2015-2590", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "dc35b5c3-ef38-4d15-a0f7-40d39ac89b22", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability | Affected: Oracle / Java SE | Description: An unspecified vulnerability exists within Oracle Java Runtime Environment that allows an attacker to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-2590"}, "references": [{"id": "CVE-2015-2590", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-2590"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Java SE", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e4aea598-7942-45ee-b47c-d72aff755b56", "vulnerability": {"vulnId": "CVE-2009-3129", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e4aea598-7942-45ee-b47c-d72aff755b56", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Excel Featheader Record Memory Corruption Vulnerability | Affected: Microsoft / Excel | Description: Microsoft Office Excel allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2009-3129"}, "references": [{"id": "CVE-2009-3129", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2009-3129"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Excel", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Excel Featheader Record Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6dd6cc5d-91c0-4840-874f-67454271a219", "vulnerability": {"vulnId": "CVE-2017-6737", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6dd6cc5d-91c0-4840-874f-67454271a219", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | Affected: Cisco / IOS and IOS XE Software | Description: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-6737"}, "references": [{"id": "CVE-2017-6737", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-6737"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE Software", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ac6ece4f-2e5f-4ed1-915a-41420dba6f49", "vulnerability": {"vulnId": "CVE-2015-2387", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ac6ece4f-2e5f-4ed1-915a-41420dba6f49", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft ATM Font Driver Privilege Escalation Vulnerability | Affected: Microsoft / ATM Font Driver | Description: ATMFD.DLL in the Adobe Type Manager Font Driver in Microsoft Windows Server allows local users to gain privileges via a crafted application. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-2387"}, "references": [{"id": "CVE-2015-2387", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-2387"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ATM Font Driver", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft ATM Font Driver Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e6701031-d4c8-4bb9-8022-c35fe85ba92a", "vulnerability": {"vulnId": "CVE-2013-3346", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e6701031-d4c8-4bb9-8022-c35fe85ba92a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Reader and Acrobat Memory Corruption Vulnerability | Affected: Adobe / Reader and Acrobat | Description: Adobe Reader and Acrobat contain a memory corruption vulnerability which can allow attackers to execute arbitrary code or cause a denial of service. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-3346"}, "references": [{"id": "CVE-2013-3346", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-3346"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Reader and Acrobat", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Reader and Acrobat Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "21e0649f-bed6-4d52-9d71-f26389f813e8", "vulnerability": {"vulnId": "CVE-2017-12238", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "21e0649f-bed6-4d52-9d71-f26389f813e8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability | Affected: Cisco / Catalyst 6800 Series Switches | Description: A vulnerability in the Virtual Private LAN Service (VPLS) code of Cisco IOS for Cisco Catalyst 6800 Series Switches could allow an unauthenticated, adjacent attacker to cause a denial of service. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-12238"}, "references": [{"id": "CVE-2017-12238", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-12238"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-399"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Catalyst 6800 Series Switches", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Catalyst 6800 Series Switches VPLS Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2dad3ab1-6171-4bb1-8cf2-2542f99213b0", "vulnerability": {"vulnId": "CVE-2004-0210", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2dad3ab1-6171-4bb1-8cf2-2542f99213b0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: A privilege elevation vulnerability exists in the POSIX subsystem. This vulnerability could allow a logged on user to take complete control of the system. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2004-0210"}, "references": [{"id": "CVE-2004-0210", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2004-0210"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-120"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "87737e04-73fd-4313-9443-7ee1fe24892d", "vulnerability": {"vulnId": "CVE-2018-0175", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "87737e04-73fd-4313-9443-7ee1fe24892d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability | Affected: Cisco / IOS, XR, and XE Software | Description: Format string vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges on an affected device. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0175"}, "references": [{"id": "CVE-2018-0175", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0175"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS, XR, and XE Software", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6d74e02c-a231-42ea-9cdc-e09c58aedffa", "vulnerability": {"vulnId": "CVE-2015-1701", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6d74e02c-a231-42ea-9cdc-e09c58aedffa", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: An unspecified vulnerability exists in the Win32k.sys kernel-mode driver in Microsoft Windows Server that allows a local attacker to execute arbitrary code with elevated privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-1701"}, "references": [{"id": "CVE-2015-1701", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-1701"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "93e9012e-0bc9-4ddf-b667-fbb58fc50042", "vulnerability": {"vulnId": "CVE-2018-0167", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "93e9012e-0bc9-4ddf-b667-fbb58fc50042", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability | Affected: Cisco / IOS, XR, and XE Software | Description: There is a buffer overflow vulnerability in the Link Layer Discovery Protocol (LLDP) subsystem of Cisco IOS Software, Cisco IOS XE Software, and Cisco IOS XR Software which could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition or execute arbitrary code. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0167"}, "references": [{"id": "CVE-2018-0167", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0167"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS, XR, and XE Software", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS, XR, and XE Software Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ade583c3-6775-4b46-a8ca-013f3e7d662e", "vulnerability": {"vulnId": "CVE-2017-6739", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ade583c3-6775-4b46-a8ca-013f3e7d662e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | Affected: Cisco / IOS and IOS XE Software | Description: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-6739"}, "references": [{"id": "CVE-2017-6739", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-6739"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE Software", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ea1291df-0a08-4189-a95d-28643700d817", "vulnerability": {"vulnId": "CVE-2018-0159", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ea1291df-0a08-4189-a95d-28643700d817", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability | Affected: Cisco / IOS Software and Cisco IOS XE Software | Description: A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial-of-service (DoS) condition. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0159"}, "references": [{"id": "CVE-2018-0159", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0159"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS Software and Cisco IOS XE Software", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS and XE Software Internet Key Exchange Version 1 Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "929a4aaf-a631-4172-a752-b8773976b091", "vulnerability": {"vulnId": "CVE-2015-1642", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "929a4aaf-a631-4172-a752-b8773976b091", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Memory Corruption Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office contains a memory corruption vulnerability that allows remote attackers to execute arbitrary code via a crafted document. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-1642"}, "references": [{"id": "CVE-2015-1642", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-1642"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "27b85fa9-3025-421d-a475-6cbed1b15a55", "vulnerability": {"vulnId": "CVE-2017-6736", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "27b85fa9-3025-421d-a475-6cbed1b15a55", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | Affected: Cisco / IOS and IOS XE Software | Description: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-6736"}, "references": [{"id": "CVE-2017-6736", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-6736"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE Software", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ebbbc8e6-552b-4c5b-ac94-b022c797fb03", "vulnerability": {"vulnId": "CVE-2016-1019", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ebbbc8e6-552b-4c5b-ac94-b022c797fb03", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Arbitrary Code Execution Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player allows remote attackers to cause a denial of service or possibly execute arbitrary code. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-1019"}, "references": [{"id": "CVE-2016-1019", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-1019"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Arbitrary Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "ebed6f53-64d6-4f10-aeb2-b2d6c4c12c75", "vulnerability": {"vulnId": "CVE-2017-12237", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ebed6f53-64d6-4f10-aeb2-b2d6c4c12c75", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability | Affected: Cisco / IOS and IOS XE Software | Description: A vulnerability in the Internet Key Exchange Version 2 (IKEv2) module of Cisco IOS and Cisco IOS XE could allow an unauthenticated, remote attacker to cause high CPU utilization, traceback messages, or a reload of an affected device that leads to a denial of service. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-12237"}, "references": [{"id": "CVE-2017-12237", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-12237"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-399"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE Software", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS and IOS XE Software Internet Key Exchange Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "27967f44-7b8c-4782-9376-b486f59b65e0", "vulnerability": {"vulnId": "CVE-2017-6740", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "27967f44-7b8c-4782-9376-b486f59b65e0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | Affected: Cisco / IOS and IOS XE Software | Description: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-6740"}, "references": [{"id": "CVE-2017-6740", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-6740"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE Software", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ecb183cc-3771-4044-86a6-fd99a4403082", "vulnerability": {"vulnId": "CVE-2012-1723", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ecb183cc-3771-4044-86a6-fd99a4403082", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability | Affected: Oracle / Java SE | Description: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE allows remote attackers to affect confidentiality, integrity, and availability via Unknown vectors related to Hotspot. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-1723"}, "references": [{"id": "CVE-2012-1723", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-1723"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Java SE", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "afe92148-acf5-4d37-8669-4816f221b535", "vulnerability": {"vulnId": "CVE-2012-1535", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "afe92148-acf5-4d37-8669-4816f221b535", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Arbitrary Code Execution Vulnerability | Affected: Adobe / Flash Player | Description: Unspecified vulnerability in Adobe Flash Player allows remote attackers to execute arbitrary code or cause a denial of service via crafted SWF content. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-1535"}, "references": [{"id": "CVE-2012-1535", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-1535"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Arbitrary Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ef8ebd8c-9aa8-423f-abfc-783af2b22530", "vulnerability": {"vulnId": "CVE-2017-12240", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ef8ebd8c-9aa8-423f-abfc-783af2b22530", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability | Affected: Cisco / IOS and IOS XE Software | Description: The Dynamic Host Configuration Protocol (DHCP) relay subsystem of Cisco IOS and Cisco IOS XE Software contains a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code and gain full control of an affected system. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-12240"}, "references": [{"id": "CVE-2017-12240", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-12240"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE Software", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS and IOS XE Software DHCP Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "210e3ecc-c387-448f-a852-611e48bba668", "vulnerability": {"vulnId": "CVE-2012-1856", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "210e3ecc-c387-448f-a852-611e48bba668", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability | Affected: Microsoft / Office | Description: The TabStrip ActiveX control in the Common Controls in MSCOMCTL.OCX in Microsoft Office allows remote attackers to execute arbitrary code via a crafted (1) document or (2) web page that triggers system-state corruption. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-1856"}, "references": [{"id": "CVE-2012-1856", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-1856"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office MSCOMCTL.OCX Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4a062526-e8d3-4d8a-9eb3-a473c4f4f016", "vulnerability": {"vulnId": "CVE-2018-0174", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4a062526-e8d3-4d8a-9eb3-a473c4f4f016", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability | Affected: Cisco / IOS XE Software | Description: A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0174"}, "references": [{"id": "CVE-2018-0174", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0174"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS XE Software", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS Software and Cisco IOS XE Software Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b3396471-4385-49a1-aa8f-d52a9c2cc11b", "vulnerability": {"vulnId": "CVE-2010-0188", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b3396471-4385-49a1-aa8f-d52a9c2cc11b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability | Affected: Adobe / Reader and Acrobat | Description: Unspecified vulnerability in Adobe Reader and Acrobat allows attackers to cause a denial of service or possibly execute arbitrary code. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-0188"}, "references": [{"id": "CVE-2010-0188", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-0188"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Reader and Acrobat", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "1b6994db-86fa-4123-a8cd-380c487af562", "vulnerability": {"vulnId": "CVE-2016-5195", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1b6994db-86fa-4123-a8cd-380c487af562", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Race Condition Vulnerability | Affected: Linux / Kernel | Description: Race condition in mm/gup.c in the Linux kernel allows local users to escalate privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-5195"}, "references": [{"id": "CVE-2016-5195", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-5195"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-362"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Race Condition Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fe9f6118-524f-47b7-8df0-42ffda84b39c", "vulnerability": {"vulnId": "CVE-2016-7193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fe9f6118-524f-47b7-8df0-42ffda84b39c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Memory Corruption Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office contains a memory corruption vulnerability which can allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-7193"}, "references": [{"id": "CVE-2016-7193", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-7193"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f48fd5ac-babe-4691-8657-68ea2a016924", "vulnerability": {"vulnId": "CVE-2019-16928", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f48fd5ac-babe-4691-8657-68ea2a016924", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Exim Out-of-bounds Write Vulnerability | Affected: Exim / Exim Internet Mailer | Description: Exim contains an out-of-bounds write vulnerability which can allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-16928"}, "references": [{"id": "CVE-2019-16928", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-16928"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exim Internet Mailer", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Exim", "vulnerabilityName": "Exim Out-of-bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1a6a6d68-b8af-4e6d-baa3-bdd7fa85a1a3", "vulnerability": {"vulnId": "CVE-2017-11826", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1a6a6d68-b8af-4e6d-baa3-bdd7fa85a1a3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Remote Code Execution Vulnerability | Affected: Microsoft / Office | Description: A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-11826"}, "references": [{"id": "CVE-2017-11826", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-11826"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7bd85252-0785-412b-9717-89b6a667ae2b", "vulnerability": {"vulnId": "CVE-2017-6663", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7bd85252-0785-412b-9717-89b6a667ae2b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS Software and Cisco IOS XE Software Denial-of-Service Vulnerability | Affected: Cisco / IOS and IOS XE Software | Description: A vulnerability in the Autonomic Networking feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause autonomic nodes of an affected system to reload, resulting in denial-of-service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-6663"}, "references": [{"id": "CVE-2017-6663", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-6663"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE Software", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS Software and Cisco IOS XE Software Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "143b8fab-2137-4586-a559-1e897630a8c0", "vulnerability": {"vulnId": "CVE-2011-3544", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "143b8fab-2137-4586-a559-1e897630a8c0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability | Affected: Oracle / Java SE JDK and JRE | Description: An access control vulnerability exists in the Applet Rhino Script Engine component of Oracle's Java Runtime Environment that allows an attacker to remotely execute arbitrary code. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2011-3544"}, "references": [{"id": "CVE-2011-3544", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2011-3544"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Java SE JDK and JRE", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "04e71227-7785-4ca5-858e-b6d42845f8de", "vulnerability": {"vulnId": "CVE-2020-1938", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "04e71227-7785-4ca5-858e-b6d42845f8de", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Tomcat Improper Privilege Management Vulnerability | Affected: Apache / Tomcat | Description: Apache Tomcat treats Apache JServ Protocol (AJP) connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-1938"}, "references": [{"id": "CVE-2020-1938", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-1938"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Tomcat", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Apache", "vulnerabilityName": "Apache Tomcat Improper Privilege Management Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "77c01455-3a4a-44b6-945f-710f431380b5", "vulnerability": {"vulnId": "CVE-2017-6738", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "77c01455-3a4a-44b6-945f-710f431380b5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | Affected: Cisco / IOS and IOS XE Software | Description: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-6738"}, "references": [{"id": "CVE-2017-6738", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-6738"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE Software", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0f89510b-2f7a-4013-b016-2d0b565e4947", "vulnerability": {"vulnId": "CVE-2010-3333", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "0f89510b-2f7a-4013-b016-2d0b565e4947", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Stack-based Buffer Overflow Vulnerability | Affected: Microsoft / Office | Description: A stack-based buffer overflow vulnerability exists in the parsing of RTF data in Microsoft Office and earlier allows an attacker to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-3333"}, "references": [{"id": "CVE-2010-3333", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-3333"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Stack-based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f9409ad7-2264-4643-a1f8-f7e7fde1eaf3", "vulnerability": {"vulnId": "CVE-2018-0158", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f9409ad7-2264-4643-a1f8-f7e7fde1eaf3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability | Affected: Cisco / IOS Software and Cisco IOS XE Software | Description: A vulnerability in the implementation of Internet Key Exchange Version 1 (IKEv1) functionality in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial-of-service (DoS) condition. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0158"}, "references": [{"id": "CVE-2018-0158", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0158"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS Software and Cisco IOS XE Software", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS and XE Software Internet Key Exchange Memory Leak Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "94d40159-9dc7-430d-a215-54ae8f29c41e", "vulnerability": {"vulnId": "CVE-2017-12233", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "94d40159-9dc7-430d-a215-54ae8f29c41e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability | Affected: Cisco / IOS software | Description: There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS that could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-12233"}, "references": [{"id": "CVE-2017-12233", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-12233"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS software", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0e3a42be-3f7e-4342-bad7-134303440154", "vulnerability": {"vulnId": "CVE-2013-1347", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "0e3a42be-3f7e-4342-bad7-134303440154", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Remote Code Execution Vulnerability | Affected: Microsoft / Internet Explorer | Description: This vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-1347"}, "references": [{"id": "CVE-2013-1347", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-1347"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9cc2b8fc-9b4d-47d6-82df-7d1f6124b5e0", "vulnerability": {"vulnId": "CVE-2017-12319", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9cc2b8fc-9b4d-47d6-82df-7d1f6124b5e0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability | Affected: Cisco / IOS XE Software | Description: A vulnerability in the Border Gateway Protocol (BGP) over an Ethernet Virtual Private Network (EVPN) for Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the device to reload, resulting in a denial of service (DoS) condition, or potentially corrupt the BGP routing table, which could result in network instability. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-12319"}, "references": [{"id": "CVE-2017-12319", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-12319"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS XE Software", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS XE Software Ethernet Virtual Private Network Border Gateway Protocol Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fb2a0fdc-8845-4193-ba45-fefbd4a8e11f", "vulnerability": {"vulnId": "CVE-2016-8562", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fb2a0fdc-8845-4193-ba45-fefbd4a8e11f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability | Affected: Siemens / SIMATIC CP | Description: An improper privilege management vulnerability exists within the Siemens SIMATIC Communication Processor (CP) that allows a privileged attacker to remotely cause a denial of service. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-8562"}, "references": [{"id": "CVE-2016-8562", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-8562"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SIMATIC CP", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Siemens", "vulnerabilityName": "Siemens SIMATIC CP 1543-1 Improper Privilege Management Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "398e03f6-d78c-40c9-851b-bdc16ecc26ea", "vulnerability": {"vulnId": "CVE-2017-6743", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "398e03f6-d78c-40c9-851b-bdc16ecc26ea", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability | Affected: Cisco / IOS and IOS XE Software | Description: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS and IOS XE contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-6743"}, "references": [{"id": "CVE-2017-6743", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-6743"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE Software", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS and IOS XE Software SNMP Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "44d36ae5-2cc7-4413-9120-693095e39276", "vulnerability": {"vulnId": "CVE-2002-0367", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "44d36ae5-2cc7-4413-9120-693095e39276", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: smss.exe debugging subsystem in Microsoft Windows does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2002-0367"}, "references": [{"id": "CVE-2002-0367", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2002-0367"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "079b6534-63dd-45ec-aab9-2f86afb3101f", "vulnerability": {"vulnId": "CVE-2016-4117", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "079b6534-63dd-45ec-aab9-2f86afb3101f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Arbitrary Code Execution Vulnerability | Affected: Adobe / Flash Player | Description: An access of resource using incompatible type vulnerability exists within Adobe Flash Player that allows an attacker to perform remote code execution. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-4117"}, "references": [{"id": "CVE-2016-4117", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-4117"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Arbitrary Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "06b11e7a-7d06-4570-961d-d07fcb29b95d", "vulnerability": {"vulnId": "CVE-2013-1675", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "06b11e7a-7d06-4570-961d-d07fcb29b95d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Mozilla Firefox Information Disclosure Vulnerability | Affected: Mozilla / Firefox | Description: Mozilla Firefox does not properly initialize data structures for the nsDOMSVGZoomEvent::mPreviousScale and nsDOMSVGZoomEvent::mNewScale functions, which allows remote attackers to obtain sensitive information from process memory via a crafted web site. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-1675"}, "references": [{"id": "CVE-2013-1675", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-1675"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firefox", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Mozilla", "vulnerabilityName": "Mozilla Firefox Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d48b98cc-d04c-4d77-8426-83874300f6cc", "vulnerability": {"vulnId": "CVE-2017-0001", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d48b98cc-d04c-4d77-8426-83874300f6cc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability | Affected: Microsoft / Graphics Device Interface (GDI) | Description: The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0001"}, "references": [{"id": "CVE-2017-0001", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0001"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Graphics Device Interface (GDI)", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Graphics Device Interface (GDI) Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "81c7dcf8-a9e3-4cb8-8e66-420ae1dda3c6", "vulnerability": {"vulnId": "CVE-2009-1123", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "81c7dcf8-a9e3-4cb8-8e66-420ae1dda3c6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Improper Input Validation Vulnerability | Affected: Microsoft / Windows | Description: The kernel in Microsoft Windows does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2009-1123"}, "references": [{"id": "CVE-2009-1123", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2009-1123"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b8fa68bf-45c6-411a-9aeb-8df0265307a9", "vulnerability": {"vulnId": "CVE-2015-5119", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b8fa68bf-45c6-411a-9aeb-8df0265307a9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Use-After-Free Vulnerability | Affected: Adobe / Flash Player | Description: A use-after-free vulnerability exists within the ActionScript 3 ByteArray class in Adobe Flash Player that allows an attacker to perform remote code execution. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-5119"}, "references": [{"id": "CVE-2015-5119", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-5119"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "11c4d353-c972-4610-9809-fb2161ca1e5a", "vulnerability": {"vulnId": "CVE-2018-0179", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "11c4d353-c972-4610-9809-fb2161ca1e5a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS Software Denial-of-Service Vulnerability | Affected: Cisco / IOS Software | Description: A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0179"}, "references": [{"id": "CVE-2018-0179", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0179"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-399"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS Software", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS Software Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "817439da-0213-4d2f-8a5b-ad13b977d182", "vulnerability": {"vulnId": "CVE-2015-2545", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "817439da-0213-4d2f-8a5b-ad13b977d182", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Malformed EPS File Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office allows remote attackers to execute arbitrary code via a crafted EPS image. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-2545"}, "references": [{"id": "CVE-2015-2545", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-2545"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Malformed EPS File Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2ea07712-7a6a-49cd-b665-bbd1614e5931", "vulnerability": {"vulnId": "CVE-2017-12234", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2ea07712-7a6a-49cd-b665-bbd1614e5931", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability | Affected: Cisco / IOS software | Description: There is a vulnerability in the implementation of the Common Industrial Protocol (CIP) feature in Cisco IOS that could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-12234"}, "references": [{"id": "CVE-2017-12234", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-12234"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS software", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS Software Common Industrial Protocol Request Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ba7410db-27e0-4375-abfc-5950b95c58cd", "vulnerability": {"vulnId": "CVE-2017-8540", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ba7410db-27e0-4375-abfc-5950b95c58cd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability | Affected: Microsoft / Malware Protection Engine | Description: The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka \"Microsoft Malware Protection Engine Remote Code Execution Vulnerability\". | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-8540"}, "references": [{"id": "CVE-2017-8540", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-8540"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Malware Protection Engine", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "47685a55-2136-436e-8d9d-0ccbcac6e47c", "vulnerability": {"vulnId": "CVE-2010-0232", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "47685a55-2136-436e-8d9d-0ccbcac6e47c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Kernel Exception Handler Vulnerability | Affected: Microsoft / Windows | Description: The kernel in Microsoft Windows, when access to 16-bit applications is enabled on a 32-bit x86 platform, does not properly validate certain BIOS calls, which allows local users to gain privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-0232"}, "references": [{"id": "CVE-2010-0232", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-0232"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Kernel Exception Handler Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4523b596-812f-420f-ad0b-1523a23fcab1", "vulnerability": {"vulnId": "CVE-2018-0154", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4523b596-812f-420f-ad0b-1523a23fcab1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability | Affected: Cisco / IOS Software | Description: A vulnerability in the crypto engine of the Cisco Integrated Services Module for VPN (ISM-VPN) running Cisco IOS Software could allow an unauthenticated, remote attacker to cause a denial-of-service (DoS) condition. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0154"}, "references": [{"id": "CVE-2018-0154", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0154"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-399"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS Software", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS Software Integrated Services Module for VPN Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bd758dbf-01de-4ff7-bd73-a050ba0f19b3", "vulnerability": {"vulnId": "CVE-2018-0156", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bd758dbf-01de-4ff7-bd73-a050ba0f19b3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability | Affected: Cisco / IOS Software and Cisco IOS XE Software | Description: A vulnerability in the Smart Install feature of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to trigger a reload of an affected device, resulting in a denial-of-service (DoS) condition. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0156"}, "references": [{"id": "CVE-2018-0156", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0156"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-399"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS Software and Cisco IOS XE Software", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS Software and Cisco IOS XE Software Smart Install Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "82328625-ecc7-44b4-9f4a-dd480887bc52", "vulnerability": {"vulnId": "CVE-2016-0099", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "82328625-ecc7-44b4-9f4a-dd480887bc52", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: A privilege escalation vulnerability exists in Microsoft Windows if the Windows Secondary Logon Service fails to properly manage request handles in memory. An attacker who successfully exploited this vulnerability could run arbitrary code as an administrator. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-0099"}, "references": [{"id": "CVE-2016-0099", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-0099"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Secondary Logon Service Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "686a6669-c852-421f-b3ce-cd57f8759516", "vulnerability": {"vulnId": "CVE-2018-0161", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "686a6669-c852-421f-b3ce-cd57f8759516", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS Software Resource Management Errors Vulnerability | Affected: Cisco / IOS Software | Description: A vulnerability in the Simple Network Management Protocol (SNMP) subsystem of Cisco IOS Software running on certain models of Cisco Catalyst Switches could allow an authenticated, remote attacker to cause a denial-of-service (DoS) condition. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0161"}, "references": [{"id": "CVE-2018-0161", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0161"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-399"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS Software", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS Software Resource Management Errors Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "61e17a6e-df45-48bd-bb64-95a1e7bd84a2", "vulnerability": {"vulnId": "CVE-2013-5065", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "61e17a6e-df45-48bd-bb64-95a1e7bd84a2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Kernel Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows NDProxy.sys in the kernel contains an improper input validation vulnerability which can allow a local attacker to escalate privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-5065"}, "references": [{"id": "CVE-2013-5065", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-5065"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bf15321b-5a62-4e7f-956a-c89120bfe590", "vulnerability": {"vulnId": "CVE-2018-8581", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bf15321b-5a62-4e7f-956a-c89120bfe590", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Exchange Server Privilege Escalation Vulnerability | Affected: Microsoft / Exchange Server | Description: A privilege escalation vulnerability exists in Microsoft Exchange Server. An attacker who successfully exploited this vulnerability could attempt to impersonate any other user of the Exchange server. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-8581"}, "references": [{"id": "CVE-2018-8581", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8581"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exchange Server", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Exchange Server Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "6157761d-ad87-432e-a05b-a86fb8fb796c", "vulnerability": {"vulnId": "CVE-2012-0507", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6157761d-ad87-432e-a05b-a86fb8fb796c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability | Affected: Oracle / Java SE | Description: An incorrect type vulnerability exists in the Concurrency component of Oracle's Java Runtime Environment that allows an attacker to remotely execute arbitrary code. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-0507"}, "references": [{"id": "CVE-2012-0507", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-0507"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Java SE", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "9157d5b8-72b4-4023-ae58-eabaa65a20de", "vulnerability": {"vulnId": "CVE-2017-6744", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9157d5b8-72b4-4023-ae58-eabaa65a20de", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS Software SNMP Remote Code Execution Vulnerability | Affected: Cisco / IOS software | Description: The Simple Network Management Protocol (SNMP) subsystem of Cisco IOS 1 contains a vulnerability that could allow an authenticated, remote attacker to remotely execute code on an affected system or cause an affected system to reload. An attacker could exploit these vulnerabilities by sending a crafted SNMP packet to an affected system via IPv4 or IPv6. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-6744"}, "references": [{"id": "CVE-2017-6744", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-6744"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS software", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS Software SNMP Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bfeebba7-8631-4cf4-87e1-1608b626a711", "vulnerability": {"vulnId": "CVE-2015-2424", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bfeebba7-8631-4cf4-87e1-1608b626a711", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft PowerPoint Memory Corruption Vulnerability | Affected: Microsoft / PowerPoint | Description: Microsoft PowerPoint allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-2424"}, "references": [{"id": "CVE-2015-2424", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-2424"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PowerPoint", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft PowerPoint Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bff9a071-14f2-4c73-b82b-53b4322d1882", "vulnerability": {"vulnId": "CVE-2022-20699", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bff9a071-14f2-4c73-b82b-53b4322d1882", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | Affected: Cisco / Small Business RV160, RV260, RV340, and RV345 Series Routers | Description: A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-20699"}, "references": [{"id": "CVE-2022-20699", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-20699"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-785"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Small Business RV160, RV260, RV340, and RV345 Series Routers", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "09482c32-82c4-43f7-bebb-82f918b541b0", "vulnerability": {"vulnId": "CVE-2022-20700", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "09482c32-82c4-43f7-bebb-82f918b541b0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability | Affected: Cisco / Small Business RV160, RV260, RV340, and RV345 Series Routers | Description: A vulnerability in Cisco Small Business RV160, RV260, RV340, and RV345 Series Routers could allow an attacker to do any of the following: Execute arbitrary code, elevate privileges, execute arbitrary commands, bypass authentication and authorization protections, fetch and run unsigned software, or cause a denial of service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-20700"}, "references": [{"id": "CVE-2022-20700", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-20700"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-121"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Small Business RV160, RV260, RV340, and RV345 Series Routers", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Small Business RV Series Routers Stack-based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d21c9c5b-4d87-44af-9991-2746fd11653b", "vulnerability": {"vulnId": "CVE-2013-0632", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d21c9c5b-4d87-44af-9991-2746fd11653b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe ColdFusion Authentication Bypass Vulnerability | Affected: Adobe / ColdFusion | Description: An authentication bypass vulnerability exists in Adobe ColdFusion which could result in an unauthorized user gaining administrative access. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-0632"}, "references": [{"id": "CVE-2013-0632", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-0632"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-200"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ColdFusion", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe ColdFusion Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "96c4189e-b9a0-43c3-9790-aef692562991", "vulnerability": {"vulnId": "CVE-2013-3897", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "96c4189e-b9a0-43c3-9790-aef692562991", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Use-After-Free Vulnerability | Affected: Microsoft / Internet Explorer | Description: A use-after-free vulnerability exists within CDisplayPointer in Microsoft Internet Explorer that allows an attacker to remotely execute arbitrary code. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-3897"}, "references": [{"id": "CVE-2013-3897", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-3897"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-399"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "67a40e8d-863f-496e-991a-0a8876bed492", "vulnerability": {"vulnId": "CVE-2019-1652", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "67a40e8d-863f-496e-991a-0a8876bed492", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Small Business Routers Improper Input Validation Vulnerability | Affected: Cisco / Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers | Description: A vulnerability in the web-based management interface of Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an authenticated, remote attacker with administrative privileges on an affected device to execute arbitrary commands. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1652"}, "references": [{"id": "CVE-2019-1652", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1652"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Small Business Routers Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5b7381b5-e2ed-428d-b0dc-abd4b78b7d7f", "vulnerability": {"vulnId": "CVE-2018-0155", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5b7381b5-e2ed-428d-b0dc-abd4b78b7d7f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability | Affected: Cisco / Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches | Description: A vulnerability in the Bidirectional Forwarding Detection (BFD) offload implementation of Cisco Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches could allow an unauthenticated, remote attacker to cause a crash of the iosd process, causing a denial-of-service (DoS) condition. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0155"}, "references": [{"id": "CVE-2018-0155", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0155"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-388"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Catalyst 4500 Series Switches and Cisco Catalyst 4500-X Series Switches", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Catalyst Bidirectional Forwarding Detection Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5aab3b5c-86e7-4da9-93d3-73c4ea0f7dc4", "vulnerability": {"vulnId": "CVE-2017-12232", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5aab3b5c-86e7-4da9-93d3-73c4ea0f7dc4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability | Affected: Cisco / IOS software | Description: A vulnerability in the implementation of a protocol in Cisco Integrated Services Routers Generation 2 (ISR G2) Routers running Cisco IOS could allow an unauthenticated, adjacent attacker to cause an affected device to reload, resulting in a denial of service. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-12232"}, "references": [{"id": "CVE-2017-12232", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-12232"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-399"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS software", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS Software for Cisco Integrated Services Routers Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c5f9ab5b-f327-4878-a0e4-372fa383c412", "vulnerability": {"vulnId": "CVE-2017-11292", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c5f9ab5b-f327-4878-a0e4-372fa383c412", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Type Confusion Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player contains a type confusion vulnerability which can allow for remote code execution. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-11292"}, "references": [{"id": "CVE-2017-11292", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-11292"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "56c4257c-a22d-4d10-a1de-0370b0cf2018", "vulnerability": {"vulnId": "CVE-2008-3431", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "56c4257c-a22d-4d10-a1de-0370b0cf2018", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle VirtualBox Insufficient Input Validation Vulnerability | Affected: Oracle / VirtualBox | Description: An input validation vulnerability exists in the VBoxDrv.sys driver of Sun xVM VirtualBox which allows attackers to locally execute arbitrary code. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2008-3431"}, "references": [{"id": "CVE-2008-3431", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2008-3431"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "VirtualBox", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Oracle", "vulnerabilityName": "Oracle VirtualBox Insufficient Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5598662b-b76a-432f-b6ca-d5b2bba8fed5", "vulnerability": {"vulnId": "CVE-2013-0640", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5598662b-b76a-432f-b6ca-d5b2bba8fed5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Reader and Acrobat Memory Corruption Vulnerability | Affected: Adobe / Reader and Acrobat | Description: A memory corruption vulnerability exists in the acroform.dll in Adobe Reader that allows an attacker to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-0640"}, "references": [{"id": "CVE-2013-0640", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-0640"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Reader and Acrobat", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Reader and Acrobat Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a1037b50-9e6f-483a-ad5c-83700e97d2ff", "vulnerability": {"vulnId": "CVE-2015-4902", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a1037b50-9e6f-483a-ad5c-83700e97d2ff", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Java SE Integrity Check Vulnerability | Affected: Oracle / Java SE | Description: Unspecified vulnerability in Oracle Java SE allows remote attackers to affect integrity via unknown vectors related to deployment. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-4902"}, "references": [{"id": "CVE-2015-4902", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-4902"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Java SE", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Java SE Integrity Check Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5591596a-fd49-4e93-b4a1-6fe608d3c39e", "vulnerability": {"vulnId": "CVE-2008-2992", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5591596a-fd49-4e93-b4a1-6fe608d3c39e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Reader and Acrobat Input Validation Vulnerability | Affected: Adobe / Acrobat and Reader | Description: Adobe Acrobat and Reader contain an input validation issue in a JavaScript method that could potentially lead to remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2008-2992"}, "references": [{"id": "CVE-2008-2992", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2008-2992"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Acrobat and Reader", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Reader and Acrobat Input Validation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "8dc70dcb-9006-417e-85d7-4b2c532062d5", "vulnerability": {"vulnId": "CVE-2018-0180", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8dc70dcb-9006-417e-85d7-4b2c532062d5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS Software Denial-of-Service Vulnerability | Affected: Cisco / IOS Software | Description: A vulnerability in the Login Enhancements (Login Block) feature of Cisco IOS Software could allow an unauthenticated, remote attacker to trigger a reload of an affected system, resulting in a denial of service (DoS) condition. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0180"}, "references": [{"id": "CVE-2018-0180", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0180"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-399"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS Software", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS Software Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5e8217ac-6893-4efa-a92e-bd0e1fce5ff9", "vulnerability": {"vulnId": "CVE-2018-0172", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5e8217ac-6893-4efa-a92e-bd0e1fce5ff9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS and IOS XE Software Improper Input Validation Vulnerability | Affected: Cisco / IOS and IOS XE Software | Description: A vulnerability in the DHCP option 82 encapsulation functionality of Cisco IOS Software and Cisco IOS XE Software could allow for denial-of-service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0172"}, "references": [{"id": "CVE-2018-0172", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0172"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE Software", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS and IOS XE Software Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4bc8a80a-e207-4334-92a9-c1166e007e6f", "vulnerability": {"vulnId": "CVE-2021-41379", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4bc8a80a-e207-4334-92a9-c1166e007e6f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Installer Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Installer contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-41379"}, "references": [{"id": "CVE-2021-41379", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-41379"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-1386"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Installer Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "cb1e199f-287e-493b-a71c-9d50e720323d", "vulnerability": {"vulnId": "CVE-2016-7262", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "cb1e199f-287e-493b-a71c-9d50e720323d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Security Feature Bypass Vulnerability | Affected: Microsoft / Excel | Description: A security feature bypass vulnerability exists when Microsoft Office improperly handles input. An attacker who successfully exploited the vulnerability could execute arbitrary commands. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-7262"}, "references": [{"id": "CVE-2016-7262", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-7262"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Excel", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "cb9d171a-5354-4ae8-baad-ec2435e76ef5", "vulnerability": {"vulnId": "CVE-2018-0173", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "cb9d171a-5354-4ae8-baad-ec2435e76ef5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS and IOS XE Software Improper Input Validation Vulnerability | Affected: Cisco / IOS and IOS XE Software | Description: A vulnerability in the Cisco IOS Software and Cisco IOS XE Software function that restores encapsulated option 82 information in DHCP Version 4 (DHCPv4) packets can allow for denial-of-service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0173"}, "references": [{"id": "CVE-2018-0173", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0173"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE Software", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS and IOS XE Software Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a26d847a-dccd-4a19-8f3f-5925908abdad", "vulnerability": {"vulnId": "CVE-2018-0151", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a26d847a-dccd-4a19-8f3f-5925908abdad", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability | Affected: Cisco / IOS and IOS XE Software | Description: A vulnerability in the quality of service (QoS) subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code with elevated privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0151"}, "references": [{"id": "CVE-2018-0151", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0151"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE Software", "due_date": "2022-03-17", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS Software and Cisco IOS XE Software Quality of Service Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4f1cdbdb-69a4-4dcb-9337-1bd8d0a39c0d", "vulnerability": {"vulnId": "CVE-2017-12231", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-03-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4f1cdbdb-69a4-4dcb-9337-1bd8d0a39c0d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-03-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-03-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability | Affected: Cisco / IOS software | Description: A vulnerability in the implementation of Network Address Translation (NAT) functionality in Cisco IOS could allow an unauthenticated, remote attacker to cause a denial of service. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-12231"}, "references": [{"id": "CVE-2017-12231", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-12231"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-399"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS software", "due_date": "2022-03-24", "date_added": "2022-03-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS Software Network Address Translation Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ade45482-3edd-4e9c-91a2-18ff214c501c", "vulnerability": {"vulnId": "CVE-2017-0222", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-25T00:00:00+00:00"}, "gcve": {"object_uuid": "ade45482-3edd-4e9c-91a2-18ff214c501c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Remote Code Execution Vulnerability | Affected: Microsoft / Internet Explorer | Description: A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0222"}, "references": [{"id": "CVE-2017-0222", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0222"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-08-25", "date_added": "2022-02-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9a6e76e0-b2b3-46f4-a5ac-279c2c201401", "vulnerability": {"vulnId": "CVE-2017-8570", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-25T00:00:00+00:00"}, "gcve": {"object_uuid": "9a6e76e0-b2b3-46f4-a5ac-279c2c201401", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Remote Code Execution Vulnerability | Affected: Microsoft / Office | Description: A remote code execution vulnerability exists in Microsoft Office software when it fails to properly handle objects in memory. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-8570"}, "references": [{"id": "CVE-2017-8570", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-8570"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-08-25", "date_added": "2022-02-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b455d80b-c6e7-4ae7-afb4-f233bfeffe0f", "vulnerability": {"vulnId": "CVE-2022-24682", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-25T00:00:00+00:00"}, "gcve": {"object_uuid": "b455d80b-c6e7-4ae7-afb4-f233bfeffe0f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability | Affected: Synacor / Zimbra Collaborate Suite (ZCS) | Description: Synacor Zimbra Collaboration Suite (ZCS) contains a cross-site scripting (XSS) vulnerability in the Calendar feature that allows an attacker to execute arbitrary code. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-11 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-24682"}, "references": [{"id": "CVE-2022-24682", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-24682"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79", "CWE-116"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Zimbra Collaborate Suite (ZCS)", "due_date": "2022-03-11", "date_added": "2022-02-25", "vendorProject": "Synacor", "vulnerabilityName": "Synacor Zimbra Collaborate Suite (ZCS) Cross-Site Scripting Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "61a8437c-8706-4895-a4f4-06f913e5b07a", "vulnerability": {"vulnId": "CVE-2014-6352", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-25T00:00:00+00:00"}, "gcve": {"object_uuid": "61a8437c-8706-4895-a4f4-06f913e5b07a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-25T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-25T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Code Injection Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows allow remote attackers to execute arbitrary code via a crafted OLE object. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-6352"}, "references": [{"id": "CVE-2014-6352", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-6352"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-08-25", "date_added": "2022-02-25", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Code Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "86a27fba-cd3f-4832-b08b-df3ac3ac9dfb", "vulnerability": {"vulnId": "CVE-2022-23134", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-22T00:00:00+00:00"}, "gcve": {"object_uuid": "86a27fba-cd3f-4832-b08b-df3ac3ac9dfb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Zabbix Frontend Improper Access Control Vulnerability | Affected: Zabbix / Frontend | Description: Malicious actors can pass step checks and potentially change the configuration of Zabbix Frontend. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-23134"}, "references": [{"id": "CVE-2022-23134", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-23134"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Frontend", "due_date": "2022-03-08", "date_added": "2022-02-22", "vendorProject": "Zabbix", "vulnerabilityName": "Zabbix Frontend Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "af44b085-9a00-4c2c-ab8c-8387cce1be46", "vulnerability": {"vulnId": "CVE-2022-23131", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-22T00:00:00+00:00"}, "gcve": {"object_uuid": "af44b085-9a00-4c2c-ab8c-8387cce1be46", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-22T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-22T00:00:00Z"}, "scope": {"notes": "KEV entry: Zabbix Frontend Authentication Bypass Vulnerability | Affected: Zabbix / Frontend | Description: Unsafe client-side session storage leading to authentication bypass/instance takeover via Zabbix Frontend with configured SAML. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-08 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-23131"}, "references": [{"id": "CVE-2022-23131", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-23131"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-290"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Frontend", "due_date": "2022-03-08", "date_added": "2022-02-22", "vendorProject": "Zabbix", "vulnerabilityName": "Zabbix Frontend Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "cb1ae1ac-b124-4e7d-a9b9-319eb82b45d3", "vulnerability": {"vulnId": "CVE-2018-8174", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "cb1ae1ac-b124-4e7d-a9b9-319eb82b45d3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability | Affected: Microsoft / Windows | Description: A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka \"Windows VBScript Engine Remote Code Execution\" | Required action: Apply updates per vendor instructions. | Due date: 2022-08-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-8174"}, "references": [{"id": "CVE-2018-8174", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8174"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-08-15", "date_added": "2022-02-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows VBScript Engine Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "0206bf76-4111-440f-b7d5-585eda423724", "vulnerability": {"vulnId": "CVE-2019-0752", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "0206bf76-4111-440f-b7d5-585eda423724", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Type Confusion Vulnerability | Affected: Microsoft / Internet Explorer | Description: A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer | Required action: Apply updates per vendor instructions. | Due date: 2022-08-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-0752"}, "references": [{"id": "CVE-2019-0752", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0752"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-08-15", "date_added": "2022-02-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "8923c6ef-b071-437d-b02b-e20781274be2", "vulnerability": {"vulnId": "CVE-2022-24086", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "8923c6ef-b071-437d-b02b-e20781274be2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability | Affected: Adobe / Commerce and Magento Open Source | Description: Adobe Commerce and Magento Open Source contain an improper input validation vulnerability which can allow for arbitrary code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-24086"}, "references": [{"id": "CVE-2022-24086", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-24086"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Commerce and Magento Open Source", "due_date": "2022-03-01", "date_added": "2022-02-15", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Commerce and Magento Open Source Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bda6d86c-a766-4115-85b4-ec6e5e44a4f0", "vulnerability": {"vulnId": "CVE-2018-15982", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "bda6d86c-a766-4115-85b4-ec6e5e44a4f0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Use-After-Free Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player com.adobe.tvsdk.mediacore.metadata Use After Free Vulnerability | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-08-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-15982"}, "references": [{"id": "CVE-2018-15982", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-15982"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-08-15", "date_added": "2022-02-15", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "6c77776d-9bb9-401e-8f2d-617d99dedfa4", "vulnerability": {"vulnId": "CVE-2017-9841", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "6c77776d-9bb9-401e-8f2d-617d99dedfa4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-15T00:00:00Z"}, "scope": {"notes": "KEV entry: PHPUnit Command Injection Vulnerability | Affected: PHPUnit / PHPUnit | Description: PHPUnit allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a \"<?php \" substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-9841"}, "references": [{"id": "CVE-2017-9841", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-9841"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PHPUnit", "due_date": "2022-08-15", "date_added": "2022-02-15", "vendorProject": "PHPUnit", "vulnerabilityName": "PHPUnit Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4f496893-2f3b-46df-9b70-f835a2337729", "vulnerability": {"vulnId": "CVE-2014-1761", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "4f496893-2f3b-46df-9b70-f835a2337729", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Word Memory Corruption Vulnerability | Affected: Microsoft / Word | Description: Microsoft Word contains a memory corruption vulnerability which when exploited could allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-1761"}, "references": [{"id": "CVE-2014-1761", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-1761"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Word", "due_date": "2022-08-15", "date_added": "2022-02-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Word Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "80987bdf-0577-42b4-b7a4-36e03fc91bf9", "vulnerability": {"vulnId": "CVE-2022-0609", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "80987bdf-0577-42b4-b7a4-36e03fc91bf9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium Animation Use-After-Free Vulnerability | Affected: Google / Chromium Animation | Description: Google Chromium Animation contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-03-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-0609"}, "references": [{"id": "CVE-2022-0609", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-0609"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium Animation", "due_date": "2022-03-01", "date_added": "2022-02-15", "vendorProject": "Google", "vulnerabilityName": "Google Chromium Animation Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4fef04dc-04f9-409c-99da-59456636c9ca", "vulnerability": {"vulnId": "CVE-2013-3906", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "4fef04dc-04f9-409c-99da-59456636c9ca", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Graphics Component Memory Corruption Vulnerability | Affected: Microsoft / Graphics Component | Description: Microsoft Graphics Component contains a memory corruption vulnerability which can allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-3906"}, "references": [{"id": "CVE-2013-3906", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-3906"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Graphics Component", "due_date": "2022-08-15", "date_added": "2022-02-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Graphics Component Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7722a648-154b-4006-966c-45042d47b41c", "vulnerability": {"vulnId": "CVE-2018-20250", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-15T00:00:00+00:00"}, "gcve": {"object_uuid": "7722a648-154b-4006-966c-45042d47b41c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-15T00:00:00Z"}, "scope": {"notes": "KEV entry: WinRAR Absolute Path Traversal Vulnerability | Affected: RARLAB / WinRAR | Description: WinRAR Absolute Path Traversal vulnerability leads to Remote Code Execution | Required action: Apply updates per vendor instructions. | Due date: 2022-08-15 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-20250"}, "references": [{"id": "CVE-2018-20250", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-20250"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-36"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WinRAR", "due_date": "2022-08-15", "date_added": "2022-02-15", "vendorProject": "RARLAB", "vulnerabilityName": "WinRAR Absolute Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "1d7d4dbe-1d29-4008-80ff-6e046d9c3156", "vulnerability": {"vulnId": "CVE-2022-22620", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-11T00:00:00+00:00"}, "gcve": {"object_uuid": "1d7d4dbe-1d29-4008-80ff-6e046d9c3156", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-11T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-11T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability | Affected: Apple / iOS, iPadOS, and macOS | Description: Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2022-02-25 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-22620"}, "references": [{"id": "CVE-2022-22620", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22620"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS, iPadOS, and macOS", "due_date": "2022-02-25", "date_added": "2022-02-11", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS, iPadOS, and macOS Webkit Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c540e260-2a70-4757-be34-34acc20e189a", "vulnerability": {"vulnId": "CVE-2015-2051", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "c540e260-2a70-4757-be34-34acc20e189a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DIR-645 Router Remote Code Execution Vulnerability | Affected: D-Link / DIR-645 Router | Description: D-Link DIR-645 Wired/Wireless Router allows remote attackers to execute arbitrary commands via a GetDeviceSettings action to the HNAP interface. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-08-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-2051"}, "references": [{"id": "CVE-2015-2051", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-2051"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DIR-645 Router", "due_date": "2022-08-10", "date_added": "2022-02-10", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DIR-645 Router Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "856556ac-1285-4df5-9535-fda3efe49c1b", "vulnerability": {"vulnId": "CVE-2017-0144", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "856556ac-1285-4df5-9535-fda3efe49c1b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft SMBv1 Remote Code Execution Vulnerability | Affected: Microsoft / SMBv1 | Description: The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-10 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0144"}, "references": [{"id": "CVE-2017-0144", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0144"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SMBv1", "due_date": "2022-08-10", "date_added": "2022-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft SMBv1 Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "ece88b72-5d7b-4b50-9d1a-954e62430664", "vulnerability": {"vulnId": "CVE-2016-3088", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "ece88b72-5d7b-4b50-9d1a-954e62430664", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache ActiveMQ Improper Input Validation Vulnerability | Affected: Apache / ActiveMQ | Description: The Fileserver web application in Apache ActiveMQ allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request | Required action: Apply updates per vendor instructions. | Due date: 2022-08-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-3088"}, "references": [{"id": "CVE-2016-3088", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-3088"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ActiveMQ", "due_date": "2022-08-10", "date_added": "2022-02-10", "vendorProject": "Apache", "vulnerabilityName": "Apache ActiveMQ Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "15fd02bc-df30-4b4c-a75a-c27afe091dd1", "vulnerability": {"vulnId": "CVE-2017-0262", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "15fd02bc-df30-4b4c-a75a-c27afe091dd1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Remote Code Execution Vulnerability | Affected: Microsoft / Office | Description: A remote code execution vulnerability exists in Microsoft Office. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0262"}, "references": [{"id": "CVE-2017-0262", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0262"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-08-10", "date_added": "2022-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "40d513bc-9d0a-4864-b81d-3c1c5b5658f1", "vulnerability": {"vulnId": "CVE-2017-0263", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "40d513bc-9d0a-4864-b81d-3c1c5b5658f1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Microsoft Win32k contains a privilege escalation vulnerability due to the Windows kernel-mode driver failing to properly handle objects in memory. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0263"}, "references": [{"id": "CVE-2017-0263", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0263"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-08-10", "date_added": "2022-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "812e1ff5-1449-4378-bbc3-65ad133150d5", "vulnerability": {"vulnId": "CVE-2018-1000861", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "812e1ff5-1449-4378-bbc3-65ad133150d5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability | Affected: Jenkins / Jenkins Stapler Web Framework | Description: A code execution vulnerability exists in the Stapler web framework used by Jenkins | Required action: Apply updates per vendor instructions. | Due date: 2022-08-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-1000861"}, "references": [{"id": "CVE-2018-1000861", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-1000861"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Jenkins Stapler Web Framework", "due_date": "2022-08-10", "date_added": "2022-02-10", "vendorProject": "Jenkins", "vulnerabilityName": "Jenkins Stapler Web Framework Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "980bf297-4b65-4417-93e5-bb8927280add", "vulnerability": {"vulnId": "CVE-2021-36934", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "980bf297-4b65-4417-93e5-bb8927280add", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows SAM Local Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: If a Volume Shadow Copy (VSS) shadow copy of the system drive is available, users can read the SAM file which would allow any user to escalate privileges to SYSTEM level. | Required action: Apply updates per vendor instructions. | Due date: 2022-02-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-36934"}, "references": [{"id": "CVE-2021-36934", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-36934"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-1220"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-02-24", "date_added": "2022-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows SAM Local Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f9e202ca-7c63-4da8-86e3-3ba528ec5b39", "vulnerability": {"vulnId": "CVE-2020-0796", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "f9e202ca-7c63-4da8-86e3-3ba528ec5b39", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft SMBv3 Remote Code Execution Vulnerability | Affected: Microsoft / SMBv3 | Description: A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. An attacker who successfully exploited the vulnerability could gain the ability to execute code on the target server or client. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-10 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-0796"}, "references": [{"id": "CVE-2020-0796", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-0796"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SMBv3", "due_date": "2022-08-10", "date_added": "2022-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft SMBv3 Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "3bfa0a70-ae59-4eaf-a5a3-63bbadc56532", "vulnerability": {"vulnId": "CVE-2017-10271", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "3bfa0a70-ae59-4eaf-a5a3-63bbadc56532", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Corporation WebLogic Server Remote Code Execution Vulnerability | Affected: Oracle / WebLogic Server | Description: Oracle Corporation WebLogic Server contains a vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-10 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-10271"}, "references": [{"id": "CVE-2017-10271", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-10271"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WebLogic Server", "due_date": "2022-08-10", "date_added": "2022-02-10", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Corporation WebLogic Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "3734fe52-ad4e-4e11-8b4e-b9ebdc60a5ab", "vulnerability": {"vulnId": "CVE-2015-1130", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "3734fe52-ad4e-4e11-8b4e-b9ebdc60a5ab", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple OS X Authentication Bypass Vulnerability | Affected: Apple / OS X | Description: The XPC implementation in Admin Framework in Apple OS X before 10.10.3 allows local users to bypass authentication and obtain admin privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-1130"}, "references": [{"id": "CVE-2015-1130", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-1130"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-254"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "OS X", "due_date": "2022-08-10", "date_added": "2022-02-10", "vendorProject": "Apple", "vulnerabilityName": "Apple OS X Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ebc1fa19-60d6-49b6-8229-0ab4fe1c5cab", "vulnerability": {"vulnId": "CVE-2017-8464", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "ebc1fa19-60d6-49b6-8229-0ab4fe1c5cab", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Windows Shell in multiple versions of Microsoft Windows allows local users or remote attackers to execute arbitrary code via a crafted .LNK file | Required action: Apply updates per vendor instructions. | Due date: 2022-08-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-8464"}, "references": [{"id": "CVE-2017-8464", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-8464"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-08-10", "date_added": "2022-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Shell (.lnk) Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f6f9e870-b360-4287-8adb-b5b27f5d3111", "vulnerability": {"vulnId": "CVE-2017-0145", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "f6f9e870-b360-4287-8adb-b5b27f5d3111", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft SMBv1 Remote Code Execution Vulnerability | Affected: Microsoft / SMBv1 | Description: The SMBv1 server in multiple Microsoft Windows versions allows remote attackers to execute arbitrary code via crafted packets. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-10 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0145"}, "references": [{"id": "CVE-2017-0145", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0145"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SMBv1", "due_date": "2022-08-10", "date_added": "2022-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft SMBv1 Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "971dd6c6-9b16-4f8b-916c-991233f9bdaa", "vulnerability": {"vulnId": "CVE-2015-1635", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "971dd6c6-9b16-4f8b-916c-991233f9bdaa", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft HTTP.sys Remote Code Execution Vulnerability | Affected: Microsoft / HTTP.sys | Description: Microsoft HTTP protocol stack (HTTP.sys) contains a vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-1635"}, "references": [{"id": "CVE-2015-1635", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-1635"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "HTTP.sys", "due_date": "2022-08-10", "date_added": "2022-02-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft HTTP.sys Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "48c880d0-1b5c-47ab-a19a-0776f7b6859a", "vulnerability": {"vulnId": "CVE-2017-9791", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "48c880d0-1b5c-47ab-a19a-0776f7b6859a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Struts 1 Improper Input Validation Vulnerability | Affected: Apache / Struts 1 | Description: The Struts 1 plugin in Apache Struts might allow remote code execution via a malicious field value passed in a raw message to the ActionMessage. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-9791"}, "references": [{"id": "CVE-2017-9791", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-9791"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Struts 1", "due_date": "2022-08-10", "date_added": "2022-02-10", "vendorProject": "Apache", "vulnerabilityName": "Apache Struts 1 Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "932d7aa5-10ce-47b5-a09c-784a62356ef8", "vulnerability": {"vulnId": "CVE-2014-4404", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-10T00:00:00+00:00"}, "gcve": {"object_uuid": "932d7aa5-10ce-47b5-a09c-784a62356ef8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple OS X Heap-Based Buffer Overflow Vulnerability | Affected: Apple / OS X | Description: Heap-based buffer overflow in IOHIDFamily in Apple OS X, which affects, iOS before 8 and Apple TV before 7, allows attackers to execute arbitrary code in a privileged context. | Required action: Apply updates per vendor instructions. | Due date: 2022-08-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-4404"}, "references": [{"id": "CVE-2014-4404", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-4404"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "OS X", "due_date": "2022-08-10", "date_added": "2022-02-10", "vendorProject": "Apple", "vulnerabilityName": "Apple OS X Heap-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3c7ac2f0-ab00-4981-99a6-22dc41abb667", "vulnerability": {"vulnId": "CVE-2022-21882", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-02-04T00:00:00+00:00"}, "gcve": {"object_uuid": "3c7ac2f0-ab00-4981-99a6-22dc41abb667", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-02-04T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-02-04T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-02-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-21882"}, "references": [{"id": "CVE-2022-21882", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-21882"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-02-18", "date_added": "2022-02-04", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "73aba32f-c62a-4ccd-a94c-a8587d5f5871", "vulnerability": {"vulnId": "CVE-2021-20038", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-28T00:00:00+00:00"}, "gcve": {"object_uuid": "73aba32f-c62a-4ccd-a94c-a8587d5f5871", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-28T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability | Affected: SonicWall / SMA 100 Appliances | Description: SonicWall SMA 100 devices are vulnerable to an unauthenticated stack-based buffer overflow vulnerability where exploitation can result in code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-02-11 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-20038"}, "references": [{"id": "CVE-2021-20038", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-20038"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-121"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SMA 100 Appliances", "due_date": "2022-02-11", "date_added": "2022-01-28", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall SMA 100 Appliances Stack-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "e02d5cfc-4230-499d-9e85-011b20e81242", "vulnerability": {"vulnId": "CVE-2014-7169", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-28T00:00:00+00:00"}, "gcve": {"object_uuid": "e02d5cfc-4230-499d-9e85-011b20e81242", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-28T00:00:00Z"}, "scope": {"notes": "KEV entry: GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | Affected: GNU / Bourne-Again Shell (Bash) | Description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. This CVE correctly remediates the vulnerability in CVE-2014-6271. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-7169"}, "references": [{"id": "CVE-2014-7169", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-7169"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Bourne-Again Shell (Bash)", "due_date": "2022-07-28", "date_added": "2022-01-28", "vendorProject": "GNU", "vulnerabilityName": "GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d8070e4b-b30a-480c-baa4-44eaf4f1a202", "vulnerability": {"vulnId": "CVE-2022-22587", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-28T00:00:00+00:00"}, "gcve": {"object_uuid": "d8070e4b-b30a-480c-baa4-44eaf4f1a202", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Memory Corruption Vulnerability | Affected: Apple / iOS and macOS | Description: Apple IOMobileFrameBuffer contains a memory corruption vulnerability which can allow a malicious application to execute arbitrary code with kernel privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-02-11 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2022-22587"}, "references": [{"id": "CVE-2022-22587", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2022-22587"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS and macOS", "due_date": "2022-02-11", "date_added": "2022-01-28", "vendorProject": "Apple", "vulnerabilityName": "Apple Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "db68b2cb-d879-483f-b6a1-a86f164aa087", "vulnerability": {"vulnId": "CVE-2020-5722", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-28T00:00:00+00:00"}, "gcve": {"object_uuid": "db68b2cb-d879-483f-b6a1-a86f164aa087", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Grandstream Networks UCM6200 Series SQL Injection Vulnerability | Affected: Grandstream / UCM6200 | Description: Grandstream UCM6200 series is vulnerable to an unauthenticated remote SQL injection via crafted HTTP request. Exploitation can allow for code execution as root. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-5722"}, "references": [{"id": "CVE-2020-5722", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-5722"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "UCM6200", "due_date": "2022-07-28", "date_added": "2022-01-28", "vendorProject": "Grandstream", "vulnerabilityName": "Grandstream Networks UCM6200 Series SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a2b0c1bc-e30d-4c2c-9292-79e3c67c36ff", "vulnerability": {"vulnId": "CVE-2014-1776", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-28T00:00:00+00:00"}, "gcve": {"object_uuid": "a2b0c1bc-e30d-4c2c-9292-79e3c67c36ff", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains a memory corruption vulnerability that allows remote attackers to execute code in the context of the current user. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://learn.microsoft.com/en-us/security-updates/SecurityBulletins/2014/ms14-021?redirectedfrom=MSDN; https://nvd.nist.gov/vuln/detail/CVE-2014-1776"}, "references": [{"id": "CVE-2014-1776", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-1776"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-07-28", "date_added": "2022-01-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1f857002-8caa-404d-9436-d4dbb97eae47", "vulnerability": {"vulnId": "CVE-2014-6271", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-28T00:00:00+00:00"}, "gcve": {"object_uuid": "1f857002-8caa-404d-9436-d4dbb97eae47", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-28T00:00:00Z"}, "scope": {"notes": "KEV entry: GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability | Affected: GNU / Bourne-Again Shell (Bash) | Description: GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute code. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-6271"}, "references": [{"id": "CVE-2014-6271", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-6271"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Bourne-Again Shell (Bash)", "due_date": "2022-07-28", "date_added": "2022-01-28", "vendorProject": "GNU", "vulnerabilityName": "GNU Bourne-Again Shell (Bash) Arbitrary Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c34a93a2-b769-43ce-9cc6-95a9ff332f9b", "vulnerability": {"vulnId": "CVE-2020-0787", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-28T00:00:00+00:00"}, "gcve": {"object_uuid": "c34a93a2-b769-43ce-9cc6-95a9ff332f9b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows BITS is vulnerable to a privilege elevation vulnerability if it improperly handles symbolic links. An actor can exploit this vulnerability to execute arbitrary code with system-level privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-28 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-0787"}, "references": [{"id": "CVE-2020-0787", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-0787"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269", "CWE-59"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-07-28", "date_added": "2022-01-28", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Background Intelligent Transfer Service (BITS) Improper Privilege Management Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "41b9ea0e-b79f-447a-86b3-0679b1a25331", "vulnerability": {"vulnId": "CVE-2017-5689", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-28T00:00:00+00:00"}, "gcve": {"object_uuid": "41b9ea0e-b79f-447a-86b3-0679b1a25331", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-28T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-28T00:00:00Z"}, "scope": {"notes": "KEV entry: Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability | Affected: Intel / Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability | Description: Intel products contain a vulnerability which can allow attackers to perform privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-28 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-5689"}, "references": [{"id": "CVE-2017-5689", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-5689"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability", "due_date": "2022-07-28", "date_added": "2022-01-28", "vendorProject": "Intel", "vulnerabilityName": "Intel Active Management Technology (AMT), Small Business Technology (SBT), and Standard Manageability Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d69e6265-6edf-4284-ae71-44caca0fc415", "vulnerability": {"vulnId": "CVE-2006-1547", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-21T00:00:00+00:00"}, "gcve": {"object_uuid": "d69e6265-6edf-4284-ae71-44caca0fc415", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Struts 1 ActionForm Denial-of-Service Vulnerability | Affected: Apache / Struts 1 | Description: ActionForm in Apache Struts versions before 1.2.9 with BeanUtils 1.7 contains a vulnerability that allows for denial-of-service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2022-07-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2006-1547"}, "references": [{"id": "CVE-2006-1547", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2006-1547"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Struts 1", "due_date": "2022-07-21", "date_added": "2022-01-21", "vendorProject": "Apache", "vulnerabilityName": "Apache Struts 1 ActionForm Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "94ed671e-799d-455e-bbec-1cdbebf05cdc", "vulnerability": {"vulnId": "CVE-2021-35247", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-21T00:00:00+00:00"}, "gcve": {"object_uuid": "94ed671e-799d-455e-bbec-1cdbebf05cdc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-21T00:00:00Z"}, "scope": {"notes": "KEV entry: SolarWinds Serv-U Improper Input Validation Vulnerability | Affected: SolarWinds / Serv-U | Description: SolarWinds Serv-U versions 15.2.5 and earlier contain an improper input validation vulnerability that allows attackers to build and send queries without sanitization. | Required action: Apply updates per vendor instructions. | Due date: 2022-02-04 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-35247"}, "references": [{"id": "CVE-2021-35247", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-35247"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Serv-U", "due_date": "2022-02-04", "date_added": "2022-01-21", "vendorProject": "SolarWinds", "vulnerabilityName": "SolarWinds Serv-U Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c99627d5-bdd1-41db-8354-0f20cdfb3e3a", "vulnerability": {"vulnId": "CVE-2018-8453", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-21T00:00:00+00:00"}, "gcve": {"object_uuid": "c99627d5-bdd1-41db-8354-0f20cdfb3e3a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Microsoft Windows Win32k contains a vulnerability that allows an attacker to escalate privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-21 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-8453"}, "references": [{"id": "CVE-2018-8453", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8453"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-404"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-07-21", "date_added": "2022-01-21", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "9d2c649d-8ced-4776-a4b6-9a3eddf772ca", "vulnerability": {"vulnId": "CVE-2012-0391", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-21T00:00:00+00:00"}, "gcve": {"object_uuid": "9d2c649d-8ced-4776-a4b6-9a3eddf772ca", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-21T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-21T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Struts 2 Improper Input Validation Vulnerability | Affected: Apache / Struts 2 | Description: The ExceptionDelegator component in Apache Struts 2 before 2.2.3.1 contains an improper input validation vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-21 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-0391"}, "references": [{"id": "CVE-2012-0391", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-0391"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Struts 2", "due_date": "2022-07-21", "date_added": "2022-01-21", "vendorProject": "Apache", "vulnerabilityName": "Apache Struts 2 Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9d9a206d-a963-488f-b4a6-a23d16065d74", "vulnerability": {"vulnId": "CVE-2021-40870", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "9d9a206d-a963-488f-b4a6-a23d16065d74", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Aviatrix Controller Unrestricted Upload of File | Affected: Aviatrix / Aviatrix Controller | Description: Unrestricted upload of a file with a dangerous type is possible, which allows an unauthenticated user to execute arbitrary code via directory traversal. | Required action: Apply updates per vendor instructions. | Due date: 2022-02-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-40870"}, "references": [{"id": "CVE-2021-40870", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-40870"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-25", "CWE-96"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Aviatrix Controller", "due_date": "2022-02-01", "date_added": "2022-01-18", "vendorProject": "Aviatrix", "vulnerabilityName": "Aviatrix Controller Unrestricted Upload of File", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3891c3ce-a7a3-432d-8cd5-85e8c19ac6a3", "vulnerability": {"vulnId": "CVE-2021-32648", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "3891c3ce-a7a3-432d-8cd5-85e8c19ac6a3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-18T00:00:00Z"}, "scope": {"notes": "KEV entry: October CMS Improper Authentication | Affected: October CMS / October CMS | Description: In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. | Required action: Apply updates per vendor instructions. | Due date: 2022-02-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-32648"}, "references": [{"id": "CVE-2021-32648", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-32648"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "October CMS", "due_date": "2022-02-01", "date_added": "2022-01-18", "vendorProject": "October CMS", "vulnerabilityName": "October CMS Improper Authentication", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a5d98dbc-297a-416b-9a3e-374430d954f8", "vulnerability": {"vulnId": "CVE-2021-25296", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "a5d98dbc-297a-416b-9a3e-374430d954f8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Nagios XI OS Command Injection | Affected: Nagios / Nagios XI | Description: Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. | Required action: Apply updates per vendor instructions. | Due date: 2022-02-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-25296"}, "references": [{"id": "CVE-2021-25296", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-25296"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78", "CWE-138"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Nagios XI", "due_date": "2022-02-01", "date_added": "2022-01-18", "vendorProject": "Nagios", "vulnerabilityName": "Nagios XI OS Command Injection", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "42179449-d348-4b94-8237-1de61696fec6", "vulnerability": {"vulnId": "CVE-2021-22991", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "42179449-d348-4b94-8237-1de61696fec6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-18T00:00:00Z"}, "scope": {"notes": "KEV entry: F5 BIG-IP Traffic Management Microkernel Buffer Overflow | Affected: F5 / BIG-IP Traffic Management Microkernel | Description: The Traffic Management Microkernel of BIG-IP ASM Risk Engine has a buffer overflow vulnerability, leading to a bypassing of URL-based access controls. | Required action: Apply updates per vendor instructions. | Due date: 2022-02-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-22991"}, "references": [{"id": "CVE-2021-22991", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22991"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "BIG-IP Traffic Management Microkernel", "due_date": "2022-02-01", "date_added": "2022-01-18", "vendorProject": "F5", "vulnerabilityName": "F5 BIG-IP Traffic Management Microkernel Buffer Overflow", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "580d476f-5687-4b08-80d5-7b140166a429", "vulnerability": {"vulnId": "CVE-2020-11978", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "580d476f-5687-4b08-80d5-7b140166a429", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Airflow Command Injection | Affected: Apache / Airflow | Description: A remote code/command injection vulnerability was discovered in one of the example DAGs shipped with Airflow. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-11978"}, "references": [{"id": "CVE-2020-11978", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-11978"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Airflow", "due_date": "2022-07-18", "date_added": "2022-01-18", "vendorProject": "Apache", "vulnerabilityName": "Apache Airflow Command Injection", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2db7b6f2-ba47-49cd-9732-1ad77b464110", "vulnerability": {"vulnId": "CVE-2021-25298", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "2db7b6f2-ba47-49cd-9732-1ad77b464110", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Nagios XI OS Command Injection | Affected: Nagios / Nagios XI | Description: Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. | Required action: Apply updates per vendor instructions. | Due date: 2022-02-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-25298"}, "references": [{"id": "CVE-2021-25298", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-25298"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78", "CWE-138"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Nagios XI", "due_date": "2022-02-01", "date_added": "2022-01-18", "vendorProject": "Nagios", "vulnerabilityName": "Nagios XI OS Command Injection", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "dbec7607-7776-4e23-bea0-3345a82f3aaf", "vulnerability": {"vulnId": "CVE-2020-13927", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "dbec7607-7776-4e23-bea0-3345a82f3aaf", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Airflow's Experimental API Authentication Bypass | Affected: Apache / Airflow's Experimental API | Description: The previous default setting for Airflow's Experimental API was to allow all API requests without authentication. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-13927"}, "references": [{"id": "CVE-2020-13927", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-13927"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-1188", "CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Airflow's Experimental API", "due_date": "2022-07-18", "date_added": "2022-01-18", "vendorProject": "Apache", "vulnerabilityName": "Apache Airflow's Experimental API Authentication Bypass", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "cdd0509c-13a8-434f-b6b7-ee739c352653", "vulnerability": {"vulnId": "CVE-2021-33766", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "cdd0509c-13a8-434f-b6b7-ee739c352653", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Exchange Server Information Disclosure | Affected: Microsoft / Exchange Server | Description: Microsoft Exchange Server contains an information disclosure vulnerability which can allow an unauthenticated attacker to steal email traffic from target. | Required action: Apply updates per vendor instructions. | Due date: 2022-02-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-33766"}, "references": [{"id": "CVE-2021-33766", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-33766"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exchange Server", "due_date": "2022-02-01", "date_added": "2022-01-18", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Exchange Server Information Disclosure", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6ab9d728-a58e-4599-9dee-24fa1bedf7c1", "vulnerability": {"vulnId": "CVE-2020-14864", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "6ab9d728-a58e-4599-9dee-24fa1bedf7c1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Business Intelligence Enterprise Edition Path Transversal | Affected: Oracle / Intelligence Enterprise Edition | Description: Path traversal vulnerability, where an attacker can target the preview FilePath parameter of the getPreviewImage function to get access to arbitrary system file. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-14864"}, "references": [{"id": "CVE-2020-14864", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-14864"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Intelligence Enterprise Edition", "due_date": "2022-07-18", "date_added": "2022-01-18", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Business Intelligence Enterprise Edition Path Transversal", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "952943d8-4f61-4024-856e-1f3a7cb62b81", "vulnerability": {"vulnId": "CVE-2021-25297", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "952943d8-4f61-4024-856e-1f3a7cb62b81", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Nagios XI OS Command Injection | Affected: Nagios / Nagios XI | Description: Nagios XI contains a vulnerability which can lead to OS command injection on the Nagios XI server. | Required action: Apply updates per vendor instructions. | Due date: 2022-02-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-25297"}, "references": [{"id": "CVE-2021-25297", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-25297"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78", "CWE-138"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Nagios XI", "due_date": "2022-02-01", "date_added": "2022-01-18", "vendorProject": "Nagios", "vulnerabilityName": "Nagios XI OS Command Injection", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8ea2c1cd-a5fa-4b6d-afcd-798522aa121c", "vulnerability": {"vulnId": "CVE-2020-13671", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "8ea2c1cd-a5fa-4b6d-afcd-798522aa121c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-18T00:00:00Z"}, "scope": {"notes": "KEV entry: Drupal core Un-restricted Upload of File | Affected: Drupal / Drupal core | Description: Improper sanitization in the extension file names is present in Drupal core. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-18 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-13671"}, "references": [{"id": "CVE-2020-13671", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-13671"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Drupal core", "due_date": "2022-07-18", "date_added": "2022-01-18", "vendorProject": "Drupal", "vulnerabilityName": "Drupal core Un-restricted Upload of File", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d886e834-9fec-40a3-91b2-e657d4401e46", "vulnerability": {"vulnId": "CVE-2021-21315", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "d886e834-9fec-40a3-91b2-e657d4401e46", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-18T00:00:00Z"}, "scope": {"notes": "KEV entry: System Information Library for Node.JS Command Injection | Affected: Npm package / System Information Library for Node.JS | Description: In this vulnerability, an attacker can send a malicious payload that will exploit the name parameter. After successful exploitation, attackers can execute remote. | Required action: Apply updates per vendor instructions. | Due date: 2022-02-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-21315"}, "references": [{"id": "CVE-2021-21315", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-21315"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "System Information Library for Node.JS", "due_date": "2022-02-01", "date_added": "2022-01-18", "vendorProject": "Npm package", "vulnerabilityName": "System Information Library for Node.JS Command Injection", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c2db1b2c-c85e-4456-8b65-95e7b7bf03a0", "vulnerability": {"vulnId": "CVE-2021-21975", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-18T00:00:00+00:00"}, "gcve": {"object_uuid": "c2db1b2c-c85e-4456-8b65-95e7b7bf03a0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-18T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-18T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware Server Side Request Forgery in vRealize Operations Manager API | Affected: VMware / vRealize Operations Manager API | Description: Server Side Request Forgery (SSRF) in vRealize Operations Manager API prior to 8.4 may allow a malicious actor with network access to the vRealize Operations Manager API to perform a SSRF attack to steal administrative credentials. | Required action: Apply updates per vendor instructions. | Due date: 2022-02-01 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-21975"}, "references": [{"id": "CVE-2021-21975", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-21975"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vRealize Operations Manager API", "due_date": "2022-02-01", "date_added": "2022-01-18", "vendorProject": "VMware", "vulnerabilityName": "VMware Server Side Request Forgery in vRealize Operations Manager API", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "dbb69671-0591-4e92-bb68-50447d82c8f0", "vulnerability": {"vulnId": "CVE-2021-36260", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "dbb69671-0591-4e92-bb68-50447d82c8f0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Hikvision Improper Input Validation | Affected: Hikvision / Security cameras web server | Description: A command injection vulnerability exists in the web server of some Hikvision products due to insufficient input validation. | Required action: Apply updates per vendor instructions. | Due date: 2022-01-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-36260"}, "references": [{"id": "CVE-2021-36260", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-36260"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Security cameras web server", "due_date": "2022-01-24", "date_added": "2022-01-10", "vendorProject": "Hikvision", "vulnerabilityName": "Hikvision Improper Input Validation", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9222078e-c0d3-4754-ac1e-69946e0d40d9", "vulnerability": {"vulnId": "CVE-2013-3900", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "9222078e-c0d3-4754-ac1e-69946e0d40d9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft WinVerifyTrust function Remote Code Execution | Affected: Microsoft / WinVerifyTrust function | Description: A remote code execution vulnerability exists in the way that the WinVerifyTrust function handles Windows Authenticode signature verification for PE files. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2013-3900"}, "references": [{"id": "CVE-2013-3900", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2013-3900"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WinVerifyTrust function", "due_date": "2022-07-10", "date_added": "2022-01-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft WinVerifyTrust function Remote Code Execution", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4a3051fd-cf87-4ade-9bf5-768da807b160", "vulnerability": {"vulnId": "CVE-2019-1458", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "4a3051fd-cf87-4ade-9bf5-768da807b160", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: A privilege escalation vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k EoP'. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-10 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1458"}, "references": [{"id": "CVE-2019-1458", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1458"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-07-10", "date_added": "2022-01-10", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "292a5f4c-3721-4997-8ec0-10bb36a907d9", "vulnerability": {"vulnId": "CVE-2021-22017", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "292a5f4c-3721-4997-8ec0-10bb36a907d9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware vCenter Server Improper Access Control | Affected: VMware / vCenter Server | Description: Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. | Required action: Apply updates per vendor instructions. | Due date: 2022-01-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-22017"}, "references": [{"id": "CVE-2021-22017", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22017"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-23"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vCenter Server", "due_date": "2022-01-24", "date_added": "2022-01-10", "vendorProject": "VMware", "vulnerabilityName": "VMware vCenter Server Improper Access Control", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c6a872ff-8a1a-4af2-a47c-daa068514f62", "vulnerability": {"vulnId": "CVE-2019-7609", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "c6a872ff-8a1a-4af2-a47c-daa068514f62", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Kibana Arbitrary Code Execution | Affected: Elastic / Kibana | Description: Kibana contains an arbitrary code execution flaw in the Timelion visualizer. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-7609"}, "references": [{"id": "CVE-2019-7609", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-7609"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kibana", "due_date": "2022-07-10", "date_added": "2022-01-10", "vendorProject": "Elastic", "vulnerabilityName": "Kibana Arbitrary Code Execution", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7a383d5e-415c-4060-aa15-d89da4da110e", "vulnerability": {"vulnId": "CVE-2021-27860", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "7a383d5e-415c-4060-aa15-d89da4da110e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit | Affected: FatPipe / WARP, IPVPN, and MPVPN software | Description: A vulnerability in the web management interface of FatPipe WARP, IPVPN, and MPVPN software allows a remote, unauthenticated attacker to upload a file to any location on the filesystem. | Required action: Apply updates per vendor instructions. | Due date: 2022-01-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-27860"}, "references": [{"id": "CVE-2021-27860", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27860"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WARP, IPVPN, and MPVPN software", "due_date": "2022-01-24", "date_added": "2022-01-10", "vendorProject": "FatPipe", "vulnerabilityName": "FatPipe WARP, IPVPN, and MPVPN Configuration Upload exploit", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f10eb9f1-02d5-422f-ba69-b3b52d8e5bb7", "vulnerability": {"vulnId": "CVE-2019-9670", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "f10eb9f1-02d5-422f-ba69-b3b52d8e5bb7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference | Affected: Synacor / Zimbra Collaboration Suite (ZCS) | Description: Synacor Zimbra Collaboration Suite (ZCS) contains an improper restriction of XML external entity (XXE) vulnerability in the mailboxd component. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-9670"}, "references": [{"id": "CVE-2019-9670", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-9670"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-611"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Zimbra Collaboration Suite (ZCS)", "due_date": "2022-07-10", "date_added": "2022-01-10", "vendorProject": "Synacor", "vulnerabilityName": "Synacor Zimbra Collaboration Suite (ZCS) Improper Restriction of XML External Entity Reference", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "073ee7c0-a8d3-4188-9904-ed9a6363e3e8", "vulnerability": {"vulnId": "CVE-2018-13382", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "073ee7c0-a8d3-4188-9904-ed9a6363e3e8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiOS and FortiProxy Improper Authorization | Affected: Fortinet / FortiOS and FortiProxy | Description: An Improper Authorization vulnerability in Fortinet FortiOS and FortiProxy under SSL VPN web portal allows an unauthenticated attacker to modify the password. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-10 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-13382"}, "references": [{"id": "CVE-2018-13382", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-13382"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-285"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiOS and FortiProxy", "due_date": "2022-07-10", "date_added": "2022-01-10", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiOS and FortiProxy Improper Authorization", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "8ef90c3f-55d3-4db7-97bf-6b05a94d1ec1", "vulnerability": {"vulnId": "CVE-2019-1579", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "8ef90c3f-55d3-4db7-97bf-6b05a94d1ec1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Palo Alto Networks PAN-OS Remote Code Execution Vulnerability | Affected: Palo Alto Networks / PAN-OS | Description: Remote Code Execution in PAN-OS with GlobalProtect Portal or GlobalProtect Gateway Interface enabled. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-10 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1579"}, "references": [{"id": "CVE-2019-1579", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1579"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-134"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PAN-OS", "due_date": "2022-07-10", "date_added": "2022-01-10", "vendorProject": "Palo Alto Networks", "vulnerabilityName": "Palo Alto Networks PAN-OS Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "897e222e-4585-4dc8-aef7-40dab3682878", "vulnerability": {"vulnId": "CVE-2017-1000486", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "897e222e-4585-4dc8-aef7-40dab3682878", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Primetek Primefaces Remote Code Execution Vulnerability | Affected: Primetek / Primefaces Application | Description: Primetek Primefaces is vulnerable to a weak encryption flaw resulting in remote code execution | Required action: Apply updates per vendor instructions. | Due date: 2022-07-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-1000486"}, "references": [{"id": "CVE-2017-1000486", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-1000486"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-326"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Primefaces Application", "due_date": "2022-07-10", "date_added": "2022-01-10", "vendorProject": "Primetek", "vulnerabilityName": "Primetek Primefaces Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c8b77fa7-b1fd-4d6b-84d0-79681a29f56b", "vulnerability": {"vulnId": "CVE-2019-10149", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "c8b77fa7-b1fd-4d6b-84d0-79681a29f56b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Exim Mail Transfer Agent (MTA) Improper Input Validation | Affected: Exim / Mail Transfer Agent (MTA) | Description: Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-10149"}, "references": [{"id": "CVE-2019-10149", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-10149"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mail Transfer Agent (MTA)", "due_date": "2022-07-10", "date_added": "2022-01-10", "vendorProject": "Exim", "vulnerabilityName": "Exim Mail Transfer Agent (MTA) Improper Input Validation", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "eddb32e5-0d93-4f3b-b8ca-12db515e36c4", "vulnerability": {"vulnId": "CVE-2020-6572", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "eddb32e5-0d93-4f3b-b8ca-12db515e36c4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chrome Media Use-After-Free Vulnerability | Affected: Google / Chrome Media | Description: Google Chrome Media contains a use-after-free vulnerability that allows a remote attacker to execute code via a crafted HTML page. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-6572"}, "references": [{"id": "CVE-2020-6572", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-6572"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chrome Media", "due_date": "2022-07-10", "date_added": "2022-01-10", "vendorProject": "Google", "vulnerabilityName": "Google Chrome Media Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "19137fb9-0775-4759-95cf-7caec4da3e72", "vulnerability": {"vulnId": "CVE-2019-2725", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "19137fb9-0775-4759-95cf-7caec4da3e72", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle WebLogic Server, Injection | Affected: Oracle / WebLogic Server | Description: Injection vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). | Required action: Apply updates per vendor instructions. | Due date: 2022-07-10 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-2725"}, "references": [{"id": "CVE-2019-2725", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-2725"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-74"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WebLogic Server", "due_date": "2022-07-10", "date_added": "2022-01-10", "vendorProject": "Oracle", "vulnerabilityName": "Oracle WebLogic Server, Injection", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "13181331-9a0f-4bc1-a62d-4df460d9ee7f", "vulnerability": {"vulnId": "CVE-2018-13383", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "13181331-9a0f-4bc1-a62d-4df460d9ee7f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiOS and FortiProxy Out-of-bounds Write | Affected: Fortinet / FortiOS and FortiProxy | Description: A heap buffer overflow in Fortinet FortiOS and FortiProxy may cause the SSL VPN web service termination for logged in users. | Required action: Apply updates per vendor instructions. | Due date: 2022-07-10 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-13383"}, "references": [{"id": "CVE-2018-13383", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-13383"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiOS and FortiProxy", "due_date": "2022-07-10", "date_added": "2022-01-10", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiOS and FortiProxy Out-of-bounds Write", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "25981ba1-5336-4dd3-9fb3-62ec8634db75", "vulnerability": {"vulnId": "CVE-2015-7450", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2022-01-10T00:00:00+00:00"}, "gcve": {"object_uuid": "25981ba1-5336-4dd3-9fb3-62ec8634db75", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2022-01-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2022-01-10T00:00:00Z"}, "scope": {"notes": "KEV entry: IBM WebSphere Application Server and Server Hypervisor Edition Code Injection. | Affected: IBM / WebSphere Application Server and Server Hypervisor Edition | Description: Serialized-object interfaces in certain IBM analytics, business solutions, cognitive, IT infrastructure, and mobile and social products allow remote attackers to execute arbitrary commands | Required action: Apply updates per vendor instructions. | Due date: 2022-07-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-7450"}, "references": [{"id": "CVE-2015-7450", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-7450"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WebSphere Application Server and Server Hypervisor Edition", "due_date": "2022-07-10", "date_added": "2022-01-10", "vendorProject": "IBM", "vulnerabilityName": "IBM WebSphere Application Server and Server Hypervisor Edition Code Injection.", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7325fa1e-f9a9-439f-a507-571262721f42", "vulnerability": {"vulnId": "CVE-2021-43890", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-15T00:00:00+00:00"}, "gcve": {"object_uuid": "7325fa1e-f9a9-439f-a507-571262721f42", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows AppX Installer Spoofing Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows AppX Installer contains a spoofing vulnerability which has a high impact on confidentiality, integrity, and availability. | Required action: Apply updates per vendor instructions. | Due date: 2021-12-29 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-43890"}, "references": [{"id": "CVE-2021-43890", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-43890"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2021-12-29", "date_added": "2021-12-15", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows AppX Installer Spoofing Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "c8327794-c21c-45a6-b16e-00b6b3ec67e0", "vulnerability": {"vulnId": "CVE-2021-4102", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-15T00:00:00+00:00"}, "gcve": {"object_uuid": "c8327794-c21c-45a6-b16e-00b6b3ec67e0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-15T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-15T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Use-After-Free Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2021-12-29 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-4102"}, "references": [{"id": "CVE-2021-4102", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-4102"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2021-12-29", "date_added": "2021-12-15", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1df58fec-b697-4928-87a4-59fe0cbfaf47", "vulnerability": {"vulnId": "CVE-2019-13272", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "1df58fec-b697-4928-87a4-59fe0cbfaf47", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Linux Kernel Improper Privilege Management Vulnerability | Affected: Linux / Kernel | Description: Kernel/ptrace.c in the Linux kernel contains an improper privilege management vulnerability that allows local users to obtain root access. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-13272"}, "references": [{"id": "CVE-2019-13272", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-13272"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Kernel", "due_date": "2022-06-10", "date_added": "2021-12-10", "vendorProject": "Linux", "vulnerabilityName": "Linux Kernel Improper Privilege Management Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f2108db7-af18-448e-a25e-d2e9e86bd693", "vulnerability": {"vulnId": "CVE-2010-1871", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "f2108db7-af18-448e-a25e-d2e9e86bd693", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability | Affected: Red Hat / JBoss Seam 2 | Description: JBoss Seam 2 (jboss-seam2), as used in JBoss Enterprise Application Platform 4.3.0 for Red Hat Linux, allows attackers to perform remote code execution. This vulnerability can only be exploited when the Java Security Manager is not properly configured. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-1871"}, "references": [{"id": "CVE-2010-1871", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-1871"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "JBoss Seam 2", "due_date": "2022-06-10", "date_added": "2021-12-10", "vendorProject": "Red Hat", "vulnerabilityName": "Red Hat Linux JBoss Seam 2 Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fcd27139-d47e-48b5-89cd-64db8ae08c48", "vulnerability": {"vulnId": "CVE-2021-44515", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "fcd27139-d47e-48b5-89cd-64db8ae08c48", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Zoho Desktop Central Authentication Bypass Vulnerability | Affected: Zoho / Desktop Central | Description: Zoho Desktop Central contains an authentication bypass vulnerability that could allow an attacker to execute arbitrary code in the Desktop Central MSP server. | Required action: Apply updates per vendor instructions. | Due date: 2021-12-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-44515"}, "references": [{"id": "CVE-2021-44515", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-44515"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Desktop Central", "due_date": "2021-12-24", "date_added": "2021-12-10", "vendorProject": "Zoho", "vulnerabilityName": "Zoho Desktop Central Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "152c69e2-0550-43d2-a021-1481e2eb4d04", "vulnerability": {"vulnId": "CVE-2020-17463", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "152c69e2-0550-43d2-a021-1481e2eb4d04", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Fuel CMS SQL Injection Vulnerability | Affected: Fuel CMS / Fuel CMS | Description: FUEL CMS 1.4.7 allows SQL Injection via the col parameter to /pages/items, /permissions/items, or /navigation/items. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-17463"}, "references": [{"id": "CVE-2020-17463", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-17463"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Fuel CMS", "due_date": "2022-06-10", "date_added": "2021-12-10", "vendorProject": "Fuel CMS", "vulnerabilityName": "Fuel CMS SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e98fa7a6-caab-4984-9762-e03b84ad147a", "vulnerability": {"vulnId": "CVE-2017-12149", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "e98fa7a6-caab-4984-9762-e03b84ad147a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Red Hat JBoss Application Server Remote Code Execution Vulnerability | Affected: Red Hat / JBoss Application Server | Description: The JBoss Application Server, shipped with Red Hat Enterprise Application Platform 5.2, allows an attacker to execute arbitrary code via crafted serialized data. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-10 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-12149"}, "references": [{"id": "CVE-2017-12149", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-12149"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "JBoss Application Server", "due_date": "2022-06-10", "date_added": "2021-12-10", "vendorProject": "Red Hat", "vulnerabilityName": "Red Hat JBoss Application Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "6f3ab8d9-4c0b-4969-824f-a4cdb6dbdb9a", "vulnerability": {"vulnId": "CVE-2019-0193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "6f3ab8d9-4c0b-4969-824f-a4cdb6dbdb9a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Solr DataImportHandler Code Injection Vulnerability | Affected: Apache / Solr | Description: The optional Apache Solr module DataImportHandler contains a code injection vulnerability. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-0193"}, "references": [{"id": "CVE-2019-0193", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0193"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Solr", "due_date": "2022-06-10", "date_added": "2021-12-10", "vendorProject": "Apache", "vulnerabilityName": "Apache Solr DataImportHandler Code Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e9e0c23f-9199-4a02-8900-bb6fe440ab3c", "vulnerability": {"vulnId": "CVE-2019-10758", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "e9e0c23f-9199-4a02-8900-bb6fe440ab3c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-10T00:00:00Z"}, "scope": {"notes": "KEV entry: MongoDB mongo-express Remote Code Execution Vulnerability | Affected: MongoDB / mongo-express | Description: mongo-express before 0.54.0 is vulnerable to Remote Code Execution via endpoints that use the `toBSON` method. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-10758"}, "references": [{"id": "CVE-2019-10758", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-10758"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "mongo-express", "due_date": "2022-06-10", "date_added": "2021-12-10", "vendorProject": "MongoDB", "vulnerabilityName": "MongoDB mongo-express Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "40463b28-f314-48c2-8b16-7abed3cd8bdf", "vulnerability": {"vulnId": "CVE-2021-44168", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "40463b28-f314-48c2-8b16-7abed3cd8bdf", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiOS Arbitrary File Download | Affected: Fortinet / FortiOS | Description: Fortinet FortiOS \"execute restore src-vis\" downloads code without integrity checking, allowing an attacker to arbitrarily download files. | Required action: Apply updates per vendor instructions. | Due date: 2021-12-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-44168"}, "references": [{"id": "CVE-2021-44168", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-44168"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-494"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiOS", "due_date": "2021-12-24", "date_added": "2021-12-10", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiOS Arbitrary File Download", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1a45906b-8393-4ad9-ae60-01e390610497", "vulnerability": {"vulnId": "CVE-2021-44228", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "1a45906b-8393-4ad9-ae60-01e390610497", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Log4j2 Remote Code Execution Vulnerability | Affected: Apache / Log4j2 | Description: Apache Log4j2 contains a vulnerability where JNDI features do not protect against attacker-controlled JNDI-related endpoints, allowing for remote code execution. | Required action: For all affected software assets for which updates exist, the only acceptable remediation actions are: 1) Apply updates; OR 2) remove affected assets from agency networks. Temporary mitigations using one of the measures provided at https://www.cisa.gov/uscert/ed-22-02-apache-log4j-recommended-mitigation-measures are only acceptable until updates are available. | Due date: 2021-12-24 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-44228"}, "references": [{"id": "CVE-2021-44228", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-44228"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-400", "CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Log4j2", "due_date": "2021-12-24", "date_added": "2021-12-10", "vendorProject": "Apache", "vulnerabilityName": "Apache Log4j2 Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "8ddb9278-b358-41d1-af37-c0f46e2280d9", "vulnerability": {"vulnId": "CVE-2020-8816", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "8ddb9278-b358-41d1-af37-c0f46e2280d9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Pi-Hole AdminLTE Remote Code Execution Vulnerability | Affected: Pi-hole / AdminLTE | Description: Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-8816"}, "references": [{"id": "CVE-2020-8816", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8816"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "AdminLTE", "due_date": "2022-06-10", "date_added": "2021-12-10", "vendorProject": "Pi-hole", "vulnerabilityName": "Pi-Hole AdminLTE Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "84d7b148-288f-469f-a161-95980f1afc68", "vulnerability": {"vulnId": "CVE-2019-7238", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "84d7b148-288f-469f-a161-95980f1afc68", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability | Affected: Sonatype / Nexus Repository Manager | Description: Sonatype Nexus Repository Manager before 3.15.0 has an incorrect access control vulnerability. Exploitation allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-7238"}, "references": [{"id": "CVE-2019-7238", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-7238"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Nexus Repository Manager", "due_date": "2022-06-10", "date_added": "2021-12-10", "vendorProject": "Sonatype", "vulnerabilityName": "Sonatype Nexus Repository Manager Incorrect Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "853a8547-0e7e-43ce-a628-bd2c34a3cb2e", "vulnerability": {"vulnId": "CVE-2017-17562", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "853a8547-0e7e-43ce-a628-bd2c34a3cb2e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Embedthis GoAhead Remote Code Execution Vulnerability | Affected: Embedthis / GoAhead | Description: Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-10 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-17562"}, "references": [{"id": "CVE-2017-17562", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-17562"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "GoAhead", "due_date": "2022-06-10", "date_added": "2021-12-10", "vendorProject": "Embedthis", "vulnerabilityName": "Embedthis GoAhead Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "04ff11cf-8ec7-4007-84e8-b961b9fca797", "vulnerability": {"vulnId": "CVE-2021-35394", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-10T00:00:00+00:00"}, "gcve": {"object_uuid": "04ff11cf-8ec7-4007-84e8-b961b9fca797", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-10T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-10T00:00:00Z"}, "scope": {"notes": "KEV entry: Realtek Jungle SDK Remote Code Execution Vulnerability | Affected: Realtek / Jungle Software Development Kit (SDK) | Description: RealTek Jungle SDK contains multiple memory corruption vulnerabilities which can allow an attacker to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-12-24 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-35394"}, "references": [{"id": "CVE-2021-35394", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-35394"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78", "CWE-138"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Jungle Software Development Kit (SDK)", "due_date": "2021-12-24", "date_added": "2021-12-10", "vendorProject": "Realtek", "vulnerabilityName": "Realtek Jungle SDK Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "128c1dc8-afab-477f-8f03-8071562fe288", "vulnerability": {"vulnId": "CVE-2021-44077", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-01T00:00:00+00:00"}, "gcve": {"object_uuid": "128c1dc8-afab-477f-8f03-8071562fe288", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-01T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-01T00:00:00Z"}, "scope": {"notes": "KEV entry: Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability | Affected: Zoho / ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus | Description: Zoho ManageEngine ServiceDesk Plus before 11306, ServiceDesk Plus MSP before 10530, and SupportCenter Plus before 11014 are vulnerable to unauthenticated remote code execution | Required action: Apply updates per vendor instructions. | Due date: 2021-12-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-44077"}, "references": [{"id": "CVE-2021-44077", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-44077"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ManageEngine ServiceDesk Plus (SDP) / SupportCenter Plus", "due_date": "2021-12-15", "date_added": "2021-12-01", "vendorProject": "Zoho", "vulnerabilityName": "Zoho ManageEngine ServiceDesk Plus Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "caf7ae17-e0e7-4f45-83e5-da3d34a31fbf", "vulnerability": {"vulnId": "CVE-2021-37415", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-01T00:00:00+00:00"}, "gcve": {"object_uuid": "caf7ae17-e0e7-4f45-83e5-da3d34a31fbf", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-01T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-01T00:00:00Z"}, "scope": {"notes": "KEV entry: Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability | Affected: Zoho / ManageEngine ServiceDesk Plus (SDP) | Description: Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass that allows a few REST-API URLs without authentication | Required action: Apply updates per vendor instructions. | Due date: 2021-12-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-37415"}, "references": [{"id": "CVE-2021-37415", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-37415"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ManageEngine ServiceDesk Plus (SDP)", "due_date": "2021-12-15", "date_added": "2021-12-01", "vendorProject": "Zoho", "vulnerabilityName": "Zoho ManageEngine ServiceDesk Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4b27ca30-7eea-4e90-9dbc-8049a4959188", "vulnerability": {"vulnId": "CVE-2020-11261", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-01T00:00:00+00:00"}, "gcve": {"object_uuid": "4b27ca30-7eea-4e90-9dbc-8049a4959188", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-01T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-01T00:00:00Z"}, "scope": {"notes": "KEV entry: Qualcomm Multiple Chipsets Improper Input Validation Vulnerability | Affected: Qualcomm / Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | Description: Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables | Required action: Apply updates per vendor instructions. | Due date: 2022-06-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-11261"}, "references": [{"id": "CVE-2020-11261", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-11261"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables", "due_date": "2022-06-01", "date_added": "2021-12-01", "vendorProject": "Qualcomm", "vulnerabilityName": "Qualcomm Multiple Chipsets Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "38799646-2460-4afe-b5b9-a92164d0fe1d", "vulnerability": {"vulnId": "CVE-2021-40438", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-01T00:00:00+00:00"}, "gcve": {"object_uuid": "38799646-2460-4afe-b5b9-a92164d0fe1d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-01T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-01T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache HTTP Server-Side Request Forgery (SSRF) | Affected: Apache / Apache | Description: A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. | Required action: Apply updates per vendor instructions. | Due date: 2021-12-15 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-40438"}, "references": [{"id": "CVE-2021-40438", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-40438"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Apache", "due_date": "2021-12-15", "date_added": "2021-12-01", "vendorProject": "Apache", "vulnerabilityName": "Apache HTTP Server-Side Request Forgery (SSRF)", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "81acc4b8-266f-4268-8f7f-892fbde8294e", "vulnerability": {"vulnId": "CVE-2018-14847", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-12-01T00:00:00+00:00"}, "gcve": {"object_uuid": "81acc4b8-266f-4268-8f7f-892fbde8294e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-12-01T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-12-01T00:00:00Z"}, "scope": {"notes": "KEV entry: MikroTik Router OS Directory Traversal Vulnerability | Affected: MikroTik / RouterOS | Description: MikroTik RouterOS through 6.42 allows unauthenticated remote attackers to read arbitrary files and remote authenticated attackers to write arbitrary files due to a directory traversal vulnerability in the WinBox interface. | Required action: Apply updates per vendor instructions. | Due date: 2022-06-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-14847"}, "references": [{"id": "CVE-2018-14847", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-14847"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "RouterOS", "due_date": "2022-06-01", "date_added": "2021-12-01", "vendorProject": "MikroTik", "vulnerabilityName": "MikroTik Router OS Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "88e531f4-2284-4379-a6ce-0a89820f5596", "vulnerability": {"vulnId": "CVE-2021-42292", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-17T00:00:00+00:00"}, "gcve": {"object_uuid": "88e531f4-2284-4379-a6ce-0a89820f5596", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Excel Security Feature Bypass | Affected: Microsoft / Office | Description: A security feature bypass vulnerability in Microsoft Excel would allow a local user to perform arbitrary code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-12-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-42292"}, "references": [{"id": "CVE-2021-42292", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-42292"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-357"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2021-12-01", "date_added": "2021-11-17", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Excel Security Feature Bypass", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "55d4bde7-37fe-41ed-9329-04b2602082a8", "vulnerability": {"vulnId": "CVE-2021-22204", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-17T00:00:00+00:00"}, "gcve": {"object_uuid": "55d4bde7-37fe-41ed-9329-04b2602082a8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-17T00:00:00Z"}, "scope": {"notes": "KEV entry: ExifTool Remote Code Execution Vulnerability | Affected: Perl / Exiftool | Description: Improper neutralization of user data in the DjVu file format in Exiftool versions 7.44 and up allows arbitrary code execution when parsing the malicious image | Required action: Apply updates per vendor instructions. | Due date: 2021-12-01 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-22204"}, "references": [{"id": "CVE-2021-22204", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22204"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-95"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exiftool", "due_date": "2021-12-01", "date_added": "2021-11-17", "vendorProject": "Perl", "vulnerabilityName": "ExifTool Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "043df6f6-a167-4beb-a3a9-0f81632bf69a", "vulnerability": {"vulnId": "CVE-2021-42321", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-17T00:00:00+00:00"}, "gcve": {"object_uuid": "043df6f6-a167-4beb-a3a9-0f81632bf69a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Exchange | Description: An authenticated attacker could leverage improper validation in cmdlet arguments within Microsoft Exchange and perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-12-01 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-42321"}, "references": [{"id": "CVE-2021-42321", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-42321"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-184", "CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exchange", "due_date": "2021-12-01", "date_added": "2021-11-17", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Exchange Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "19b353b2-50ad-4133-a3f8-2f562294a654", "vulnerability": {"vulnId": "CVE-2021-40449", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-17T00:00:00+00:00"}, "gcve": {"object_uuid": "19b353b2-50ad-4133-a3f8-2f562294a654", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-17T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-17T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Unspecified vulnerability allows for an authenticated user to escalate privileges. | Required action: Apply updates per vendor instructions. | Due date: 2021-12-01 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-40449"}, "references": [{"id": "CVE-2021-40449", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-40449"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2021-12-01", "date_added": "2021-11-17", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "33fd120f-ab30-4a19-830d-d414970856cd", "vulnerability": {"vulnId": "CVE-2020-0938", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "33fd120f-ab30-4a19-830d-d414970856cd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-0938"}, "references": [{"id": "CVE-2020-0938", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-0938"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3aba59e7-4438-46c7-a8bb-1e8959564462", "vulnerability": {"vulnId": "CVE-2016-7255", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3aba59e7-4438-46c7-a8bb-1e8959564462", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Microsoft Win32k kernel-mode driver fails to properly handle objects in memory which allows for privilege escalation. Successful exploitation allows an attacker to run code in kernel mode. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-7255"}, "references": [{"id": "CVE-2016-7255", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-7255"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8b6a3383-9793-44ea-9b53-453e02135532", "vulnerability": {"vulnId": "CVE-2020-8195", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8b6a3383-9793-44ea-9b53-453e02135532", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability | Affected: Citrix / Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance | Description: Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-8195"}, "references": [{"id": "CVE-2020-8195", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8195"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Citrix", "vulnerabilityName": "Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8b97620b-9a7a-45e6-b8f3-678c88f5e187", "vulnerability": {"vulnId": "CVE-2021-37975", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8b97620b-9a7a-45e6-b8f3-678c88f5e187", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Use-After-Free Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-37975"}, "references": [{"id": "CVE-2021-37975", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-37975"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8bacd853-3168-477c-83b9-cdf9ca584327", "vulnerability": {"vulnId": "CVE-2021-31955", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8bacd853-3168-477c-83b9-cdf9ca584327", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Kernel Information Disclosure Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Kernel contains an unspecified vulnerability that allows for information disclosure. Successful exploitation allows attackers to read the contents of kernel memory from a user-mode process. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-31955"}, "references": [{"id": "CVE-2021-31955", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-31955"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-497"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Kernel Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "30f73b31-c3fa-4be6-b685-ffb359b35e35", "vulnerability": {"vulnId": "CVE-2016-9563", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "30f73b31-c3fa-4be6-b685-ffb359b35e35", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP NetWeaver XML External Entity (XXE) Vulnerability | Affected: SAP / NetWeaver | Description: SAP NetWeaver Application Server Java Platforms contains an unspecified vulnerability in BC-BMT-BPM-DSK which allows remote, authenticated users to conduct XML External Entity (XXE) attacks. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-9563"}, "references": [{"id": "CVE-2016-9563", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-9563"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-611"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetWeaver", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SAP", "vulnerabilityName": "SAP NetWeaver XML External Entity (XXE) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "607b266e-5720-4ce3-a2e4-1d04a47e47b6", "vulnerability": {"vulnId": "CVE-2019-0708", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "607b266e-5720-4ce3-a2e4-1d04a47e47b6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Remote Desktop Services Remote Code Execution Vulnerability | Affected: Microsoft / Remote Desktop Services | Description: Microsoft Remote Desktop Services, formerly known as Terminal Service, contains an unspecified vulnerability that allows an unauthenticated attacker to connect to the target system using RDP and send specially crafted requests. Successful exploitation allows for remote code execution. The vulnerability is also known under the moniker of BlueKeep. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-0708"}, "references": [{"id": "CVE-2019-0708", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0708"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Remote Desktop Services", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Remote Desktop Services Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "0ef2039c-2e7f-4f92-9fed-d54b894faa7c", "vulnerability": {"vulnId": "CVE-2019-17026", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "0ef2039c-2e7f-4f92-9fed-d54b894faa7c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Mozilla Firefox And Thunderbird Type Confusion Vulnerability | Affected: Mozilla / Firefox and Thunderbird | Description: Mozilla Firefox and Thunderbird contain a type confusion vulnerability due to incorrect alias information in the IonMonkey JIT compiler when setting array elements. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-17026"}, "references": [{"id": "CVE-2019-17026", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-17026"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firefox and Thunderbird", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Mozilla", "vulnerabilityName": "Mozilla Firefox And Thunderbird Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2bd9190a-6af7-48ef-a3d4-0c4d9255f199", "vulnerability": {"vulnId": "CVE-2020-0688", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2bd9190a-6af7-48ef-a3d4-0c4d9255f199", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability | Affected: Microsoft / Exchange Server | Description: Microsoft Exchange Server Validation Key fails to properly create unique keys at install time, allowing for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-0688"}, "references": [{"id": "CVE-2020-0688", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-0688"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exchange Server", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Exchange Server Validation Key Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "00f1230b-e4ab-4a57-82b6-37ca92fc5626", "vulnerability": {"vulnId": "CVE-2020-0601", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "00f1230b-e4ab-4a57-82b6-37ca92fc5626", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows CryptoAPI Spoofing Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows CryptoAPI (Crypt32.dll) contains a spoofing vulnerability in the way it validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The vulnerability is also known under the moniker of CurveBall. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Reference CISA's ED 20-02 (https://www.cisa.gov/news-events/directives/ed-20-02-mitigate-windows-vulnerabilities-january-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-02. \nhttps://nvd.nist.gov/vuln/detail/CVE-2020-0601"}, "references": [{"id": "CVE-2020-0601", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-0601"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-295"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows CryptoAPI Spoofing Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2e88bcd3-e1c5-4a9d-81b1-ceaba191f102", "vulnerability": {"vulnId": "CVE-2020-1350", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2e88bcd3-e1c5-4a9d-81b1-ceaba191f102", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows DNS Server Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows DNS Servers fail to properly handle requests, allowing an attacker to perform remote code execution in the context of the Local System Account. The vulnerability is also known under the moniker of SIGRed. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Reference CISA's ED 20-03 (https://www.cisa.gov/news-events/directives/ed-20-03-mitigate-windows-dns-server-remote-code-execution-vulnerability-july-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-03. https://nvd.nist.gov/vuln/detail/CVE-2020-1350"}, "references": [{"id": "CVE-2020-1350", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-1350"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows DNS Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "14286c24-dc69-472b-9819-cb20bbd7793f", "vulnerability": {"vulnId": "CVE-2017-11774", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "14286c24-dc69-472b-9819-cb20bbd7793f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Outlook Security Feature Bypass Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office Outlook contains a security feature bypass vulnerability due to improperly handling objects in memory. Successful exploitation allows an attacker to execute commands. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-11774"}, "references": [{"id": "CVE-2017-11774", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-11774"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Outlook Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "045371fc-8f9e-4a8f-87b3-fe5eb4746b0e", "vulnerability": {"vulnId": "CVE-2020-2555", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "045371fc-8f9e-4a8f-87b3-fe5eb4746b0e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Multiple Products Remote Code Execution Vulnerability | Affected: Oracle / Multiple Products | Description: Multiple Oracle products contain a remote code execution vulnerability that allows an unauthenticated attacker with network access via T3 or HTTP to take over the affected system. Impacted Oracle products: Oracle Coherence in Fusion Middleware, Oracle Utilities Framework, Oracle Retail Assortment Planning, Oracle Commerce, Oracle Communications Diameter Signaling Router (DSR). | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-2555"}, "references": [{"id": "CVE-2020-2555", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-2555"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Multiple Products Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "00189011-3ed7-40a8-ad27-009bad7f6aa5", "vulnerability": {"vulnId": "CVE-2021-22894", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "00189011-3ed7-40a8-ad27-009bad7f6aa5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability | Affected: Ivanti / Pulse Connect Secure | Description: Ivanti Pulse Connect Secure Collaboration Suite contains a buffer overflow vulnerability that allows remote authenticated users to execute code as the root user via a maliciously crafted meeting room. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2021-22894"}, "references": [{"id": "CVE-2021-22894", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22894"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Pulse Connect Secure", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Pulse Connect Secure Collaboration Suite Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6d5c31ba-4a2f-43de-85e7-17de9d232470", "vulnerability": {"vulnId": "CVE-2021-36741", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6d5c31ba-4a2f-43de-85e7-17de9d232470", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro Multiple Products Improper Input Validation Vulnerability | Affected: Trend Micro / Apex One, Apex One as a Service, and Worry-Free Business Security | Description: Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://success.trendmicro.com/dcx/s/solution/000287819?language=en_US, https://success.trendmicro.com/dcx/s/solution/000287820?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2021-36741"}, "references": [{"id": "CVE-2021-36741", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-36741"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Apex One, Apex One as a Service, and Worry-Free Business Security", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro Multiple Products Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "01911cfd-2234-48c3-98f6-6d9119ac7a76", "vulnerability": {"vulnId": "CVE-2017-9805", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "01911cfd-2234-48c3-98f6-6d9119ac7a76", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Struts Deserialization of Untrusted Data Vulnerability | Affected: Apache / Struts | Description: Apache Struts REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to remote code execution when deserializing XML payloads. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-9805"}, "references": [{"id": "CVE-2017-9805", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-9805"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Struts", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Apache", "vulnerabilityName": "Apache Struts Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8e3eb3e5-4e53-4f5e-aada-348a61a4eae8", "vulnerability": {"vulnId": "CVE-2021-22900", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8e3eb3e5-4e53-4f5e-aada-348a61a4eae8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability | Affected: Ivanti / Pulse Connect Secure | Description: Ivanti Pulse Connect Secure contains an unrestricted file upload vulnerability that allows an authenticated administrator to perform a file write via a maliciously crafted archive upload in the administrator web interface. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2021-22900"}, "references": [{"id": "CVE-2021-22900", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22900"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Pulse Connect Secure", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Pulse Connect Secure Unrestricted File Upload Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "80d28f28-abb2-460e-8f06-a3fb22c4b3d7", "vulnerability": {"vulnId": "CVE-2021-30657", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "80d28f28-abb2-460e-8f06-a3fb22c4b3d7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple macOS Unspecified Vulnerability | Affected: Apple / macOS | Description: Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30657"}, "references": [{"id": "CVE-2021-30657", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30657"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-862"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "macOS", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple macOS Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8e7dd4c0-9908-429a-a781-e195ccbba047", "vulnerability": {"vulnId": "CVE-2021-22205", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8e7dd4c0-9908-429a-a781-e195ccbba047", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: GitLab Community and Enterprise Editions Remote Code Execution Vulnerability | Affected: GitLab / Community and Enterprise Editions | Description: GitLab Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-22205"}, "references": [{"id": "CVE-2021-22205", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22205"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-95"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Community and Enterprise Editions", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "GitLab", "vulnerabilityName": "GitLab Community and Enterprise Editions Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "7aea06c5-6670-41af-911d-2ea361eb58c6", "vulnerability": {"vulnId": "CVE-2020-1464", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7aea06c5-6670-41af-911d-2ea361eb58c6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Spoofing Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows contains a spoofing vulnerability when Windows incorrectly validates file signatures, allowing an attacker to bypass security features and load improperly signed files. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-1464"}, "references": [{"id": "CVE-2020-1464", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-1464"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-347"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Spoofing Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "429018ae-70fc-4c16-aa88-27150569df21", "vulnerability": {"vulnId": "CVE-2016-3715", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "429018ae-70fc-4c16-aa88-27150569df21", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: ImageMagick Arbitrary File Deletion Vulnerability | Affected: ImageMagick / ImageMagick | Description: ImageMagick contains an unspecified vulnerability that could allow users to delete files by using ImageMagick's 'ephemeral' pseudo protocol, which deletes files after reading. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-3715"}, "references": [{"id": "CVE-2016-3715", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-3715"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ImageMagick", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "ImageMagick", "vulnerabilityName": "ImageMagick Arbitrary File Deletion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "20ea4c83-4210-40b4-b095-0bd80b3dffc0", "vulnerability": {"vulnId": "CVE-2020-1054", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "20ea4c83-4210-40b4-b095-0bd80b3dffc0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Microsoft Win32k contains a privilege escalation vulnerability when the Windows kernel-mode driver fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-1054"}, "references": [{"id": "CVE-2020-1054", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-1054"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4619d914-32fd-4c50-9caa-9316a0e61f4a", "vulnerability": {"vulnId": "CVE-2017-16651", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4619d914-32fd-4c50-9caa-9316a0e61f4a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Roundcube Webmail File Disclosure Vulnerability | Affected: Roundcube / Roundcube Webmail | Description: Roundcube Webmail contains a file disclosure vulnerability caused by insufficient input validation in conjunction with file-based attachment plugins, which are used by default. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-16651"}, "references": [{"id": "CVE-2017-16651", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-16651"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-552"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Roundcube Webmail", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Roundcube", "vulnerabilityName": "Roundcube Webmail File Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4695e378-f07f-46e4-9b23-9ac8f98f88a2", "vulnerability": {"vulnId": "CVE-2020-16013", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4695e378-f07f-46e4-9b23-9ac8f98f88a2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Incorrect Implementation Vulnerabililty | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains an inappropriate implementation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-16013"}, "references": [{"id": "CVE-2020-16013", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-16013"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Incorrect Implementation Vulnerabililty", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1fbbe53f-5650-4ee1-a3ee-48f947be2570", "vulnerability": {"vulnId": "CVE-2018-6789", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1fbbe53f-5650-4ee1-a3ee-48f947be2570", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Exim Buffer Overflow Vulnerability | Affected: Exim / Exim | Description: Exim contains a buffer overflow vulnerability in the base64d function part of the SMTP listener that may allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-6789"}, "references": [{"id": "CVE-2018-6789", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-6789"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exim", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Exim", "vulnerabilityName": "Exim Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "28267577-9f07-41a2-b7a4-c0a44f4a84c2", "vulnerability": {"vulnId": "CVE-2019-0604", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "28267577-9f07-41a2-b7a4-c0a44f4a84c2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft SharePoint Remote Code Execution Vulnerability | Affected: Microsoft / SharePoint | Description: Microsoft SharePoint fails to check the source markup of an application package. An attacker who successfully exploits the vulnerability could run remote code in the context of the SharePoint application pool and the SharePoint server farm account. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-0604"}, "references": [{"id": "CVE-2019-0604", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0604"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SharePoint", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft SharePoint Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "58567887-2b30-4137-bd30-4b67fe4d29ec", "vulnerability": {"vulnId": "CVE-2021-26857", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "58567887-2b30-4137-bd30-4b67fe4d29ec", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Exchange Server | Description: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26857"}, "references": [{"id": "CVE-2021-26857", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-26857"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exchange Server", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Exchange Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "802bcf12-49ed-4a0a-b948-3bf2d4cf30fc", "vulnerability": {"vulnId": "CVE-2020-0041", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "802bcf12-49ed-4a0a-b948-3bf2d4cf30fc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Android Kernel Out-of-Bounds Write Vulnerability | Affected: Android / Android Kernel | Description: Android Kernel binder_transaction of binder.c contains an out-of-bounds write vulnerability due to an incorrect bounds check that could allow for local privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0069 under exploit chain \"AbstractEmu.\" | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-0041"}, "references": [{"id": "CVE-2020-0041", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-0041"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Android Kernel", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Android", "vulnerabilityName": "Android Kernel Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fce75797-418a-4642-9159-2ab1aa2a4453", "vulnerability": {"vulnId": "CVE-2021-30661", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fce75797-418a-4642-9159-2ab1aa2a4453", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products WebKit Storage Use-After-Free Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30661"}, "references": [{"id": "CVE-2021-30661", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30661"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products WebKit Storage Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8e46e728-d57d-4715-90f4-1d5272088e9e", "vulnerability": {"vulnId": "CVE-2019-0863", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8e46e728-d57d-4715-90f4-1d5272088e9e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Error Reporting (WER) contains a privilege escalation vulnerability due to the way it handles files, allowing for code execution in kernel mode. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-0863"}, "references": [{"id": "CVE-2019-0863", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0863"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Error Reporting (WER) Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7efa887b-f066-48ab-bfd6-b7d8ae02a2ba", "vulnerability": {"vulnId": "CVE-2019-6223", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7efa887b-f066-48ab-bfd6-b7d8ae02a2ba", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS and macOS Group Facetime Vulnerability | Affected: Apple / iOS and macOS | Description: Apple iOS and macOS Group FaceTime contains an unspecified vulnerability where the call initiator can cause the recipient's Apple device to answer unknowingly or without user interaction. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-6223"}, "references": [{"id": "CVE-2019-6223", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-6223"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS and macOS", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS and macOS Group Facetime Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "91b1deee-8c75-41d3-98c5-c7de237e8107", "vulnerability": {"vulnId": "CVE-2020-9819", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "91b1deee-8c75-41d3-98c5-c7de237e8107", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability | Affected: Apple / iOS, iPadOS, and watchOS | Description: Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-9819"}, "references": [{"id": "CVE-2020-9819", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-9819"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS, iPadOS, and watchOS", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "67f2a5e1-2bfc-4b61-ac8b-fb96fb4920c6", "vulnerability": {"vulnId": "CVE-2020-4427", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "67f2a5e1-2bfc-4b61-ac8b-fb96fb4920c6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: IBM Data Risk Manager Security Bypass Vulnerability | Affected: IBM / Data Risk Manager | Description: IBM Data Risk Manager contains a security bypass vulnerability that could allow a remote attacker to bypass security restrictions when configured with SAML authentication. By sending a specially crafted HTTP request, an attacker could exploit this vulnerability to bypass the authentication process and gain full administrative access to the system. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-4427"}, "references": [{"id": "CVE-2020-4427", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-4427"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Data Risk Manager", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "IBM", "vulnerabilityName": "IBM Data Risk Manager Security Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "09a51604-d64f-4a39-880e-56999123998d", "vulnerability": {"vulnId": "CVE-2019-7481", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "09a51604-d64f-4a39-880e-56999123998d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall SMA100 SQL Injection Vulnerability | Affected: SonicWall / SMA100 | Description: SonicWall SMA100 contains a SQL injection vulnerability allowing an unauthenticated user to gain read-only access to unauthorized resources. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-7481"}, "references": [{"id": "CVE-2019-7481", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-7481"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SMA100", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall SMA100 SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "945f3c8c-7469-4785-9e85-23c82a0252e6", "vulnerability": {"vulnId": "CVE-2019-1653", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "945f3c8c-7469-4785-9e85-23c82a0252e6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability | Affected: Cisco / Small Business RV320 and RV325 Routers | Description: Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers contain improper access controls for URLs. Exploitation could allow an attacker to download the router configuration or detailed diagnostic information. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1653"}, "references": [{"id": "CVE-2019-1653", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1653"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Small Business RV320 and RV325 Routers", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Small Business RV320 and RV325 Routers Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7de9769c-25c4-47e4-9998-184993ecea39", "vulnerability": {"vulnId": "CVE-2021-30665", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7de9769c-25c4-47e4-9998-184993ecea39", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products WebKit Memory Corruption Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30665"}, "references": [{"id": "CVE-2021-30665", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30665"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products WebKit Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2ff26e73-8fb3-45c9-af05-97e29862cbf0", "vulnerability": {"vulnId": "CVE-2020-14883", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2ff26e73-8fb3-45c9-af05-97e29862cbf0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle WebLogic Server Unspecified Vulnerability | Affected: Oracle / WebLogic Server | Description: Oracle WebLogic Server contains an unspecified vulnerability in the Console component with high impacts to confidentiality, integrity, and availability. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-14883"}, "references": [{"id": "CVE-2020-14883", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-14883"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WebLogic Server", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Oracle", "vulnerabilityName": "Oracle WebLogic Server Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "95770ac3-073a-40dc-9960-0cb352bb5aa9", "vulnerability": {"vulnId": "CVE-2021-33771", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "95770ac3-073a-40dc-9960-0cb352bb5aa9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Kernel Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-33771"}, "references": [{"id": "CVE-2021-33771", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-33771"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7d14a7d6-adec-4cf1-96ab-17ff331fdb90", "vulnerability": {"vulnId": "CVE-2020-8243", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7d14a7d6-adec-4cf1-96ab-17ff331fdb90", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Pulse Connect Secure Code Execution Vulnerability | Affected: Ivanti / Pulse Connect Secure | Description: Ivanti Pulse Connect Secure contains an unspecified vulnerability in the admin web interface that could allow an authenticated attacker to upload a custom template to perform code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2020-8243"}, "references": [{"id": "CVE-2020-8243", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8243"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Pulse Connect Secure", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Pulse Connect Secure Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1ca55f98-fe3a-4535-b406-5f69be8b2d87", "vulnerability": {"vulnId": "CVE-2020-11738", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1ca55f98-fe3a-4535-b406-5f69be8b2d87", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: WordPress Snap Creek Duplicator Plugin File Download Vulnerability | Affected: WordPress / Snap Creek Duplicator Plugin | Description: WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their WordPress dashboard. This vulnerability affects Duplicator and Duplicator Pro. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-11738"}, "references": [{"id": "CVE-2020-11738", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-11738"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Snap Creek Duplicator Plugin", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "WordPress", "vulnerabilityName": "WordPress Snap Creek Duplicator Plugin File Download Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "22faf709-6454-4211-b4e3-cfb84de4d27e", "vulnerability": {"vulnId": "CVE-2020-10199", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "22faf709-6454-4211-b4e3-cfb84de4d27e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Sonatype Nexus Repository Remote Code Execution Vulnerability | Affected: Sonatype / Nexus Repository | Description: Sonatype Nexus Repository contains an unspecified vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-10199"}, "references": [{"id": "CVE-2020-10199", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-10199"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-917"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Nexus Repository", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Sonatype", "vulnerabilityName": "Sonatype Nexus Repository Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "72c35bf6-7057-405a-94cc-48705015b766", "vulnerability": {"vulnId": "CVE-2021-22893", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "72c35bf6-7057-405a-94cc-48705015b766", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Pulse Connect Secure Use-After-Free Vulnerability | Affected: Ivanti / Pulse Connect Secure | Description: Ivanti Pulse Connect Secure contains a use-after-free vulnerability that allows a remote, unauthenticated attacker to execute code via license services. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2021-22893"}, "references": [{"id": "CVE-2021-22893", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22893"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Pulse Connect Secure", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Pulse Connect Secure Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "737f1af6-6cb0-4bcd-942f-dd4564221d10", "vulnerability": {"vulnId": "CVE-2019-11510", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "737f1af6-6cb0-4bcd-942f-dd4564221d10", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability | Affected: Ivanti / Pulse Connect Secure | Description: Ivanti Pulse Connect Secure contains an arbitrary file read vulnerability that allows an unauthenticated remote attacker with network access via HTTPS to send a specially crafted URI. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2019-11510"}, "references": [{"id": "CVE-2019-11510", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-11510"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Pulse Connect Secure", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Pulse Connect Secure Arbitrary File Read Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "3c6d62fb-a6f3-4d25-8a74-c13581eabbf5", "vulnerability": {"vulnId": "CVE-2019-11539", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3c6d62fb-a6f3-4d25-8a74-c13581eabbf5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability | Affected: Ivanti / Pulse Connect Secure and Pulse Policy Secure | Description: Ivanti Pulse Connect Secure and Policy Secure allows an authenticated attacker from the admin web interface to inject and execute commands. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-11539"}, "references": [{"id": "CVE-2019-11539", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-11539"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Pulse Connect Secure and Pulse Policy Secure", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Pulse Connect Secure and Policy Secure Command Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "979c41ca-b63f-4759-b77a-6ac8d86104f1", "vulnerability": {"vulnId": "CVE-2020-17087", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "979c41ca-b63f-4759-b77a-6ac8d86104f1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Kernel Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-17087"}, "references": [{"id": "CVE-2020-17087", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-17087"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-131"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "97e901c2-5835-48ae-8377-3fc7ff015b7a", "vulnerability": {"vulnId": "CVE-2021-30551", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "97e901c2-5835-48ae-8377-3fc7ff015b7a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30551"}, "references": [{"id": "CVE-2021-30551", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30551"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122", "CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7c7abd9c-7589-4308-bd76-d7170e204dc6", "vulnerability": {"vulnId": "CVE-2018-7600", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7c7abd9c-7589-4308-bd76-d7170e204dc6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Drupal Core Remote Code Execution Vulnerability | Affected: Drupal / Drupal Core | Description: Drupal Core contains a remote code execution vulnerability that could allow an attacker to exploit multiple attack vectors on a Drupal site, resulting in complete site compromise. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-7600"}, "references": [{"id": "CVE-2018-7600", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-7600"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Drupal Core", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Drupal", "vulnerabilityName": "Drupal Core Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "6a4ef356-5bf0-4f09-883a-0bbae45d159a", "vulnerability": {"vulnId": "CVE-2020-10221", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6a4ef356-5bf0-4f09-883a-0bbae45d159a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: rConfig OS Command Injection Vulnerability | Affected: rConfig / rConfig | Description: rConfig lib/ajaxHandlers/ajaxAddTemplate.php contains an OS command injection vulnerability that allows remote attackers to execute OS commands via shell metacharacters in the fileName POST parameter. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-10221"}, "references": [{"id": "CVE-2020-10221", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-10221"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "rConfig", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "rConfig", "vulnerabilityName": "rConfig OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "98248182-1a2a-46ea-9605-fc68baad604a", "vulnerability": {"vulnId": "CVE-2018-18325", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "98248182-1a2a-46ea-9605-fc68baad604a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability | Affected: DotNetNuke (DNN) / DotNetNuke (DNN) | Description: DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. This CVE ID resolves an incomplete patch for CVE-2018-15811. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-18325"}, "references": [{"id": "CVE-2018-18325", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-18325"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-326"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DotNetNuke (DNN)", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "DotNetNuke (DNN)", "vulnerabilityName": "DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9847fe06-eb50-4ed4-9988-fa4fc4f93da1", "vulnerability": {"vulnId": "CVE-2019-0211", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9847fe06-eb50-4ed4-9988-fa4fc4f93da1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache HTTP Server Privilege Escalation Vulnerability | Affected: Apache / HTTP Server | Description: Apache HTTP Server, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute code with the privileges of the parent process (usually root) by manipulating the scoreboard. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-0211"}, "references": [{"id": "CVE-2019-0211", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0211"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "HTTP Server", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Apache", "vulnerabilityName": "Apache HTTP Server Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "98902628-4c93-42f8-8a21-fe43dc0150e3", "vulnerability": {"vulnId": "CVE-2021-36948", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "98902628-4c93-42f8-8a21-fe43dc0150e3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Update Medic Service Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Update Medic Service contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-36948"}, "references": [{"id": "CVE-2021-36948", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-36948"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Update Medic Service Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4fd341db-d261-44c5-9891-3f4531b0097b", "vulnerability": {"vulnId": "CVE-2020-11652", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4fd341db-d261-44c5-9891-3f4531b0097b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SaltStack Salt Path Traversal Vulnerability | Affected: SaltStack / Salt | Description: SaltStack Salt contains a path traversal vulnerability in the salt-master process ClearFuncs which allows directory access to authenticated users. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-11652"}, "references": [{"id": "CVE-2020-11652", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-11652"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Salt", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SaltStack", "vulnerabilityName": "SaltStack Salt Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "99447a97-cad6-4baa-9cbc-772fca9f9d98", "vulnerability": {"vulnId": "CVE-2021-27101", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "99447a97-cad6-4baa-9cbc-772fca9f9d98", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Accellion FTA SQL Injection Vulnerability | Affected: Accellion / FTA | Description: Accellion FTA contains a SQL injection vulnerability exploited via a crafted host header in a request to document_root.html. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-27101"}, "references": [{"id": "CVE-2021-27101", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27101"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89", "CWE-138"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FTA", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Accellion", "vulnerabilityName": "Accellion FTA SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "7b6fe835-de06-466c-81de-4a2b79b8cb00", "vulnerability": {"vulnId": "CVE-2020-14882", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7b6fe835-de06-466c-81de-4a2b79b8cb00", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle WebLogic Server Remote Code Execution Vulnerability | Affected: Oracle / WebLogic Server | Description: Oracle WebLogic Server contains an unspecified vulnerability, which is assessed to allow for remote code execution, based on this vulnerability being related to CVE-2020-14750. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-14882"}, "references": [{"id": "CVE-2020-14882", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-14882"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WebLogic Server", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Oracle", "vulnerabilityName": "Oracle WebLogic Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9a1919c5-62df-4609-a453-949df0b0b3fb", "vulnerability": {"vulnId": "CVE-2021-36742", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9a1919c5-62df-4609-a453-949df0b0b3fb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro Multiple Products Improper Input Validation Vulnerability | Affected: Trend Micro / Apex One, Apex One as a Service, and Worry-Free Business Security | Description: Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://success.trendmicro.com/dcx/s/solution/000287819?language=en_US, https://success.trendmicro.com/dcx/s/solution/000287820?language=en_US; https://nvd.nist.gov/vuln/detail/CVE-2021-36742"}, "references": [{"id": "CVE-2021-36742", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-36742"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Apex One, Apex One as a Service, and Worry-Free Business Security", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro Multiple Products Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3d06f017-6572-4eb8-a4ca-1eb703042721", "vulnerability": {"vulnId": "CVE-2018-2380", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3d06f017-6572-4eb8-a4ca-1eb703042721", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP Customer Relationship Management (CRM) Path Traversal Vulnerability | Affected: SAP / Customer Relationship Management (CRM) | Description: SAP Customer Relationship Management (CRM) contains a path traversal vulnerability that allows an attacker to exploit insufficient validation of path information provided by users. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-2380"}, "references": [{"id": "CVE-2018-2380", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-2380"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Customer Relationship Management (CRM)", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SAP", "vulnerabilityName": "SAP Customer Relationship Management (CRM) Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "5030e271-a2ec-43a3-9c8a-be1b1985be44", "vulnerability": {"vulnId": "CVE-2021-22005", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5030e271-a2ec-43a3-9c8a-be1b1985be44", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware vCenter Server File Upload Vulnerability | Affected: VMware / vCenter Server | Description: VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-22005"}, "references": [{"id": "CVE-2021-22005", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22005"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-23"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vCenter Server", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "VMware", "vulnerabilityName": "VMware vCenter Server File Upload Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "1b65712f-04b3-4102-a45a-a3dd5714866e", "vulnerability": {"vulnId": "CVE-2020-6287", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1b65712f-04b3-4102-a45a-a3dd5714866e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP NetWeaver Missing Authentication for Critical Function Vulnerability | Affected: SAP / NetWeaver | Description: SAP NetWeaver Application Server Java Platforms contains a missing authentication for critical function vulnerability allowing unauthenticated access to execute configuration tasks and create administrative users. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-6287"}, "references": [{"id": "CVE-2020-6287", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-6287"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetWeaver", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SAP", "vulnerabilityName": "SAP NetWeaver Missing Authentication for Critical Function Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9bfa1acf-cfc6-4cd0-a5b1-7606cb3c0b47", "vulnerability": {"vulnId": "CVE-2020-8468", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9bfa1acf-cfc6-4cd0-a5b1-7606cb3c0b47", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro Multiple Products Content Validation Escape Vulnerability | Affected: Trend Micro / Apex One, OfficeScan and Worry-Free Business Security Agents | Description: Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-8468"}, "references": [{"id": "CVE-2020-8468", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8468"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-74"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Apex One, OfficeScan and Worry-Free Business Security Agents", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro Multiple Products Content Validation Escape Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "78530407-56d0-47a6-aa0e-30eb263688ba", "vulnerability": {"vulnId": "CVE-2021-1782", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "78530407-56d0-47a6-aa0e-30eb263688ba", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Race Condition Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOs, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-1782"}, "references": [{"id": "CVE-2021-1782", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1782"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-362", "CWE-667"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Race Condition Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9c45bc9e-6881-4331-be62-65ae992faf6d", "vulnerability": {"vulnId": "CVE-2020-10189", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9c45bc9e-6881-4331-be62-65ae992faf6d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Zoho ManageEngine Desktop Central File Upload Vulnerability | Affected: Zoho / ManageEngine | Description: Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-10189"}, "references": [{"id": "CVE-2020-10189", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-10189"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ManageEngine", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Zoho", "vulnerabilityName": "Zoho ManageEngine Desktop Central File Upload Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5ac1c1a8-6831-4fc1-be74-81e666a56e4f", "vulnerability": {"vulnId": "CVE-2019-4716", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5ac1c1a8-6831-4fc1-be74-81e666a56e4f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: IBM Planning Analytics Remote Code Execution Vulnerability | Affected: IBM / Planning Analytics | Description: IBM Planning Analytics is vulnerable to a configuration overwrite that allows an unauthenticated user to login as \"admin\", and then execute code as root or SYSTEM via TM1 scripting. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-4716"}, "references": [{"id": "CVE-2019-4716", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-4716"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Planning Analytics", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "IBM", "vulnerabilityName": "IBM Planning Analytics Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9c823af5-e161-4f46-919c-93a5074b8a47", "vulnerability": {"vulnId": "CVE-2020-0683", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9c823af5-e161-4f46-919c-93a5074b8a47", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Installer Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Installer contains a privilege escalation vulnerability when MSI packages process symbolic links, which allows attackers to bypass access restrictions to add or remove files. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-0683"}, "references": [{"id": "CVE-2020-0683", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-0683"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Installer Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "47620fe3-6f58-467f-912f-89ae4207bf97", "vulnerability": {"vulnId": "CVE-2021-31199", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "47620fe3-6f58-467f-912f-89ae4207bf97", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability | Affected: Microsoft / Enhanced Cryptographic Provider | Description: Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-31199"}, "references": [{"id": "CVE-2021-31199", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-31199"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Enhanced Cryptographic Provider", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9ce101d9-15e2-4ee3-b0f6-d0f982ab95c9", "vulnerability": {"vulnId": "CVE-2020-9859", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9ce101d9-15e2-4ee3-b0f6-d0f982ab95c9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Code Execution Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, watchOS, and tvOS contain an unspecified vulnerability that may allow an application to execute code with kernel privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-9859"}, "references": [{"id": "CVE-2020-9859", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-9859"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-415"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "773ffd81-fbd7-4b16-a69b-0b388c968ca1", "vulnerability": {"vulnId": "CVE-2018-13379", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "773ffd81-fbd7-4b16-a69b-0b388c968ca1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiOS SSL VPN Path Traversal Vulnerability | Affected: Fortinet / FortiOS | Description: Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-13379"}, "references": [{"id": "CVE-2018-13379", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-13379"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiOS", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiOS SSL VPN Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "5308e0ab-b3d1-4141-8dba-a236e1c2c68e", "vulnerability": {"vulnId": "CVE-2018-14558", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5308e0ab-b3d1-4141-8dba-a236e1c2c68e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability | Affected: Tenda / AC7, AC9, and AC10 Routers | Description: Tenda AC7, AC9, and AC10 devices contain a command injection vulnerability because the \"formsetUsbUnload\" function executes a dosystemCmd function with untrusted input. Successful exploitation allows an attacker to execute OS commands via a crafted goform/setUsbUnload request. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-14558"}, "references": [{"id": "CVE-2018-14558", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-14558"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "AC7, AC9, and AC10 Routers", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Tenda", "vulnerabilityName": "Tenda AC7, AC9, and AC10 Routers Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9d4cbc3b-2b12-4834-bdf1-acec6b108472", "vulnerability": {"vulnId": "CVE-2020-16017", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9d4cbc3b-2b12-4834-bdf1-acec6b108472", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chrome Use-After-Free Vulnerability | Affected: Google / Chrome | Description: Google Chrome contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page.   | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-16017"}, "references": [{"id": "CVE-2020-16017", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-16017"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chrome", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chrome Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "62c91341-8a1b-4047-8a65-c355b05469b8", "vulnerability": {"vulnId": "CVE-2019-9082", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "62c91341-8a1b-4047-8a65-c355b05469b8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: ThinkPHP Remote Code Execution Vulnerability | Affected: ThinkPHP / ThinkPHP | Description: ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-9082"}, "references": [{"id": "CVE-2019-9082", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-9082"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306", "CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ThinkPHP", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "ThinkPHP", "vulnerabilityName": "ThinkPHP Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "9e86c9fe-50ce-415d-9571-67c23bed1bac", "vulnerability": {"vulnId": "CVE-2021-1871", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "9e86c9fe-50ce-415d-9571-67c23bed1bac", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability | Affected: Apple / iOS, iPadOS, and macOS | Description: Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-1871"}, "references": [{"id": "CVE-2021-1871", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1871"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-1173"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS, iPadOS, and macOS", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5057e5ec-e8df-4678-8e49-0c2eb3a9455e", "vulnerability": {"vulnId": "CVE-2021-34448", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5057e5ec-e8df-4678-8e49-0c2eb3a9455e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Scripting Engine Memory Corruption Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Scripting Engine contains an unspecified vulnerability that allows for memory corruption. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-34448"}, "references": [{"id": "CVE-2021-34448", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-34448"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Scripting Engine Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3daec85e-6878-4d4f-b497-5914218cb71e", "vulnerability": {"vulnId": "CVE-2021-27561", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3daec85e-6878-4d4f-b497-5914218cb71e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability | Affected: Yealink / Device Management | Description: Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-27561"}, "references": [{"id": "CVE-2021-27561", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27561"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Device Management", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Yealink", "vulnerabilityName": "Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "31315a90-8e28-4040-93ff-512adeaf1e1e", "vulnerability": {"vulnId": "CVE-2021-21193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "31315a90-8e28-4040-93ff-512adeaf1e1e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium Blink Use-After-Free Vulnerability | Affected: Google / Chromium Blink | Description: Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-21193"}, "references": [{"id": "CVE-2021-21193", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-21193"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium Blink", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium Blink Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0aa85098-fe7e-421c-b01d-339de248e3f8", "vulnerability": {"vulnId": "CVE-2021-20023", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "0aa85098-fe7e-421c-b01d-339de248e3f8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall Email Security Path Traversal Vulnerability | Affected: SonicWall / SonicWall Email Security | Description: SonicWall Email Security contains a path traversal vulnerability that allows a post-authenticated attacker to read files on the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20022 to achieve privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-20023"}, "references": [{"id": "CVE-2021-20023", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-20023"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SonicWall Email Security", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall Email Security Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "a639844a-976e-4b09-826d-de7e8f829f70", "vulnerability": {"vulnId": "CVE-2021-30632", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a639844a-976e-4b09-826d-de7e8f829f70", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Out-of-Bounds Write Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains an out-of-bounds write vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30632"}, "references": [{"id": "CVE-2021-30632", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30632"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5c2c495d-c874-408b-8091-32cfcb5708d8", "vulnerability": {"vulnId": "CVE-2020-24557", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5c2c495d-c874-408b-8091-32cfcb5708d8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro Multiple Products Improper Access Control Vulnerability | Affected: Trend Micro / Apex One, OfficeScan, and Worry-Free Business Security | Description: Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-24557"}, "references": [{"id": "CVE-2020-24557", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-24557"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Apex One, OfficeScan, and Worry-Free Business Security", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro Multiple Products Improper Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7074f6db-0ce6-488f-879e-ffe4397a91f0", "vulnerability": {"vulnId": "CVE-2020-8599", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7074f6db-0ce6-488f-879e-ffe4397a91f0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability | Affected: Trend Micro / Apex One and OfficeScan | Description: Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-8599"}, "references": [{"id": "CVE-2020-8599", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8599"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Apex One and OfficeScan", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "750f6498-e868-49e9-8579-e5b35213f0ec", "vulnerability": {"vulnId": "CVE-2019-5591", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "750f6498-e868-49e9-8579-e5b35213f0ec", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiOS Default Configuration Vulnerability | Affected: Fortinet / FortiOS | Description: Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-5591"}, "references": [{"id": "CVE-2019-5591", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-5591"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiOS", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiOS Default Configuration Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "58744c2e-e319-4ad4-8906-9bbaa0d55f1c", "vulnerability": {"vulnId": "CVE-2019-20085", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "58744c2e-e319-4ad4-8906-9bbaa0d55f1c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: TVT NVMS-1000 Directory Traversal Vulnerability | Affected: TVT / NVMS-1000 | Description: TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-20085"}, "references": [{"id": "CVE-2019-20085", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-20085"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NVMS-1000", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "TVT", "vulnerabilityName": "TVT NVMS-1000 Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a07df2dc-7fdc-45c7-a08c-b415e537fc9e", "vulnerability": {"vulnId": "CVE-2021-21224", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a07df2dc-7fdc-45c7-a08c-b415e537fc9e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to execute code inside a sandbox via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-21224"}, "references": [{"id": "CVE-2021-21224", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-21224"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "132ea468-54a9-4dc3-aab3-616beebb9748", "vulnerability": {"vulnId": "CVE-2020-5847", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "132ea468-54a9-4dc3-aab3-616beebb9748", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Unraid Remote Code Execution Vulnerability | Affected: Unraid / Unraid | Description: Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-5847"}, "references": [{"id": "CVE-2020-5847", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-5847"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Unraid", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Unraid", "vulnerabilityName": "Unraid Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a16f519f-12f3-480a-834a-27350b682b43", "vulnerability": {"vulnId": "CVE-2021-22899", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a16f519f-12f3-480a-834a-27350b682b43", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Pulse Connect Secure Command Injection Vulnerability | Affected: Ivanti / Pulse Connect Secure | Description: Ivanti Pulse Connect Secure contains a command injection vulnerability that allows remote authenticated users to perform remote code execution via Windows File Resource Profiles. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2021-22899"}, "references": [{"id": "CVE-2021-22899", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22899"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Pulse Connect Secure", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Pulse Connect Secure Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "734f60ad-c048-4dbf-a4b4-4207cde78df1", "vulnerability": {"vulnId": "CVE-2021-38648", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "734f60ad-c048-4dbf-a4b4-4207cde78df1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability | Affected: Microsoft / Open Management Infrastructure (OMI) | Description: Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-38648"}, "references": [{"id": "CVE-2021-38648", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-38648"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-1390"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Open Management Infrastructure (OMI)", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "67ae2bd6-5e78-43ae-b35d-2bb0cfdbb4d3", "vulnerability": {"vulnId": "CVE-2019-5544", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "67ae2bd6-5e78-43ae-b35d-2bb0cfdbb4d3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability | Affected: VMware / VMware ESXi and Horizon DaaS | Description: VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-5544"}, "references": [{"id": "CVE-2019-5544", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-5544"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "VMware ESXi and Horizon DaaS", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "VMware", "vulnerabilityName": "VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "8fa6c497-5fe7-4257-87b7-2c7509f2a4ff", "vulnerability": {"vulnId": "CVE-2021-21985", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8fa6c497-5fe7-4257-87b7-2c7509f2a4ff", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware vCenter Server Improper Input Validation Vulnerability | Affected: VMware / vCenter Server | Description: VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-21985"}, "references": [{"id": "CVE-2021-21985", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-21985"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-470", "CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vCenter Server", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "VMware", "vulnerabilityName": "VMware vCenter Server Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "a293ac31-0095-412c-a4e3-7a2b35062af4", "vulnerability": {"vulnId": "CVE-2021-38645", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a293ac31-0095-412c-a4e3-7a2b35062af4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability | Affected: Microsoft / Open Management Infrastructure (OMI) | Description: Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-38645"}, "references": [{"id": "CVE-2021-38645", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-38645"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Open Management Infrastructure (OMI)", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "850933f8-408b-47b5-998d-ea5a1625373f", "vulnerability": {"vulnId": "CVE-2019-9978", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "850933f8-408b-47b5-998d-ea5a1625373f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability | Affected: WordPress / Social Warfare Plugin | Description: WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-9978"}, "references": [{"id": "CVE-2019-9978", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-9978"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Social Warfare Plugin", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "WordPress", "vulnerabilityName": "WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a3a8ab3f-fa0d-4bfe-8fdd-e74de4ef534f", "vulnerability": {"vulnId": "CVE-2019-15949", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a3a8ab3f-fa0d-4bfe-8fdd-e74de4ef534f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Nagios XI Remote Code Execution Vulnerability | Affected: Nagios / Nagios XI | Description: Nagios XI contains a remote code execution vulnerability in which a user can modify the check_plugin executable and insert malicious commands to execute as root. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-15949"}, "references": [{"id": "CVE-2019-15949", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-15949"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Nagios XI", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Nagios", "vulnerabilityName": "Nagios XI Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7239fc43-6211-4d3f-a351-a15897c4ea1d", "vulnerability": {"vulnId": "CVE-2020-1380", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7239fc43-6211-4d3f-a351-a15897c4ea1d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-1380"}, "references": [{"id": "CVE-2020-1380", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-1380"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "82b3755e-4b1c-4ad0-ab4c-46c3c7e7c567", "vulnerability": {"vulnId": "CVE-2020-25213", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "82b3755e-4b1c-4ad0-ab4c-46c3c7e7c567", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: WordPress File Manager Plugin Remote Code Execution Vulnerability | Affected: WordPress / File Manager Plugin | Description: WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-25213"}, "references": [{"id": "CVE-2020-25213", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-25213"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "File Manager Plugin", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "WordPress", "vulnerabilityName": "WordPress File Manager Plugin Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a6b05d78-d447-4f28-a751-e3141f077dd2", "vulnerability": {"vulnId": "CVE-2017-0199", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a6b05d78-d447-4f28-a751-e3141f077dd2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office and WordPad Remote Code Execution Vulnerability | Affected: Microsoft / Office and WordPad | Description: Microsoft Office and WordPad contain an unspecified vulnerability due to the way the applications parse specially crafted files. Successful exploitation allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0199"}, "references": [{"id": "CVE-2017-0199", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0199"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office and WordPad", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office and WordPad Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "060fdc94-2b70-4c97-a175-11052ccf99f8", "vulnerability": {"vulnId": "CVE-2021-21206", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "060fdc94-2b70-4c97-a175-11052ccf99f8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium Blink Use-After-Free Vulnerability | Affected: Google / Chromium Blink | Description: Google Chromium Blink contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-21206"}, "references": [{"id": "CVE-2021-21206", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-21206"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium Blink", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium Blink Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a7ccd6c2-6da1-4e10-b64e-117dacf43266", "vulnerability": {"vulnId": "CVE-2021-31201", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a7ccd6c2-6da1-4e10-b64e-117dacf43266", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability | Affected: Microsoft / Enhanced Cryptographic Provider | Description: Microsoft Enhanced Cryptographic Provider contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-31201"}, "references": [{"id": "CVE-2021-31201", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-31201"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Enhanced Cryptographic Provider", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Enhanced Cryptographic Provider Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a868204d-500d-4c7f-ab0c-356118ba0be6", "vulnerability": {"vulnId": "CVE-2020-8193", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a868204d-500d-4c7f-ab0c-356118ba0be6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability | Affected: Citrix / Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance | Description: Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an authorization bypass vulnerability that may allow unauthenticated access to certain URL endpoints. The attacker must have access to the NetScaler IP (NSIP) in order to perform exploitation. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-8193"}, "references": [{"id": "CVE-2020-8193", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8193"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Citrix", "vulnerabilityName": "Citrix ADC, Gateway, and SD-WAN WANOP Appliance Authorization Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a87fcd3e-2b49-4304-96b6-a6e174d41da9", "vulnerability": {"vulnId": "CVE-2012-0158", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a87fcd3e-2b49-4304-96b6-a6e174d41da9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability | Affected: Microsoft / MSCOMCTL.OCX | Description: Microsoft MSCOMCTL.OCX contains an unspecified vulnerability that allows for remote code execution, allowing an attacker to take complete control of an affected system under the context of the current user. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-0158"}, "references": [{"id": "CVE-2012-0158", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-0158"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "MSCOMCTL.OCX", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft MSCOMCTL.OCX Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a970b190-9fbb-422e-a763-97feb3757ee3", "vulnerability": {"vulnId": "CVE-2020-6819", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a970b190-9fbb-422e-a763-97feb3757ee3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Mozilla Firefox And Thunderbird Use-After-Free Vulnerability | Affected: Mozilla / Firefox and Thunderbird | Description: Mozilla Firefox and Thunderbird contain a race condition vulnerability when running the nsDocShell destructor under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-6819"}, "references": [{"id": "CVE-2020-6819", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-6819"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-362", "CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firefox and Thunderbird", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Mozilla", "vulnerabilityName": "Mozilla Firefox And Thunderbird Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ab11cc3b-5777-46c9-ac87-3b5a3b445c23", "vulnerability": {"vulnId": "CVE-2021-34527", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ab11cc3b-5777-46c9-ac87-3b5a3b445c23", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Print Spooler Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Print Spooler contains an unspecified vulnerability due to the Windows Print Spooler service improperly performing privileged file operations. Successful exploitation allows an attacker to perform remote code execution with SYSTEM privileges. The vulnerability is also known under the moniker of PrintNightmare. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): Reference CISA's ED 21-04 (https://www.cisa.gov/news-events/directives/ed-21-04-mitigate-windows-print-spooler-service-vulnerability) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-04. https://nvd.nist.gov/vuln/detail/CVE-2021-34527"}, "references": [{"id": "CVE-2021-34527", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-34527"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Print Spooler Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "ab23108e-77df-4b2f-863e-9bb6e4021b00", "vulnerability": {"vulnId": "CVE-2020-1040", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ab23108e-77df-4b2f-863e-9bb6e4021b00", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability | Affected: Microsoft / Hyper-V RemoteFX | Description: Microsoft Hyper-V RemoteFX vGPU contains an improper input validation vulnerability due to the host server failing to properly validate input from an authenticated user on a guest operating system. Successful exploitation allows for remote code execution on the host operating system. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-1040"}, "references": [{"id": "CVE-2020-1040", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-1040"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Hyper-V RemoteFX", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Hyper-V RemoteFX vGPU Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6dfe25d0-1f9e-4a1a-922c-d3d2eeaee3b1", "vulnerability": {"vulnId": "CVE-2021-21972", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6dfe25d0-1f9e-4a1a-922c-d3d2eeaee3b1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware vCenter Server Remote Code Execution Vulnerability | Affected: VMware / vCenter Server | Description: VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-21972"}, "references": [{"id": "CVE-2021-21972", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-21972"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-23"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vCenter Server", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "VMware", "vulnerabilityName": "VMware vCenter Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "6daca379-ed96-45eb-bd27-d9969513d77e", "vulnerability": {"vulnId": "CVE-2021-20090", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6daca379-ed96-45eb-bd27-d9969513d77e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Arcadyan Buffalo Firmware Path Traversal Vulnerability | Affected: Arcadyan / Buffalo Firmware | Description: Arcadyan Buffalo firmware contains a path traversal vulnerability that could allow unauthenticated, remote attackers to bypass authentication and access sensitive information. This vulnerability affects multiple routers across several different vendors. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-20090"}, "references": [{"id": "CVE-2021-20090", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-20090"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Buffalo Firmware", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Arcadyan", "vulnerabilityName": "Arcadyan Buffalo Firmware Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b0fff777-8964-4197-9f78-a8e013eed297", "vulnerability": {"vulnId": "CVE-2019-18935", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b0fff777-8964-4197-9f78-a8e013eed297", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability | Affected: Progress / Telerik UI for ASP.NET AJAX | Description: Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-18935"}, "references": [{"id": "CVE-2019-18935", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-18935"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Telerik UI for ASP.NET AJAX", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Progress", "vulnerabilityName": "Progress Telerik UI for ASP.NET AJAX Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "6d621247-2552-48c4-bb8b-05fae0429f21", "vulnerability": {"vulnId": "CVE-2021-26084", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6d621247-2552-48c4-bb8b-05fae0429f21", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability | Affected: Atlassian / Confluence Server and Data Center | Description: Atlassian Confluence Server and Data Center contain an Object-Graph Navigation Language (OGNL) injection vulnerability that may allow an unauthenticated attacker to execute code. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-26084"}, "references": [{"id": "CVE-2021-26084", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-26084"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-917"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Confluence Server and Data Center", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Atlassian", "vulnerabilityName": "Atlassian Confluence Server and Data Center Object-Graph Navigation Language (OGNL) Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "aec7d108-1121-4fd4-a481-d7539c1aada4", "vulnerability": {"vulnId": "CVE-2021-30713", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "aec7d108-1121-4fd4-a481-d7539c1aada4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple macOS Unspecified Vulnerability | Affected: Apple / macOS | Description: Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30713"}, "references": [{"id": "CVE-2021-30713", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30713"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-862"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "macOS", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple macOS Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6c1b6e36-1586-4df3-9f7f-b7206f3395df", "vulnerability": {"vulnId": "CVE-2018-4939", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6c1b6e36-1586-4df3-9f7f-b7206f3395df", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe ColdFusion Deserialization of Untrusted Data Vulnerability | Affected: Adobe / ColdFusion | Description: Adobe ColdFusion contains a deserialization of untrusted data vulnerability that could allow for code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-4939"}, "references": [{"id": "CVE-2018-4939", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-4939"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ColdFusion", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe ColdFusion Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6b034c22-dc95-4e88-9400-c92b8d5191c8", "vulnerability": {"vulnId": "CVE-2021-1905", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6b034c22-dc95-4e88-9400-c92b8d5191c8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Qualcomm Multiple Chipsets Use-After-Free Vulnerability | Affected: Qualcomm / Multiple Chipsets | Description: Multiple Qualcomm Chipsets contain a use after free vulnerability due to improper handling of memory mapping of multiple processes simultaneously. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-1905"}, "references": [{"id": "CVE-2021-1905", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1905"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Chipsets", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Qualcomm", "vulnerabilityName": "Qualcomm Multiple Chipsets Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b0d7b315-2a9b-475a-8b6b-9a800c4539db", "vulnerability": {"vulnId": "CVE-2017-6327", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b0d7b315-2a9b-475a-8b6b-9a800c4539db", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Symantec Messaging Gateway Remote Code Execution Vulnerability | Affected: Symantec / Symantec Messaging Gateway | Description: Symantec Messaging Gateway contains an unspecified vulnerability which can allow for remote code execution. With the ability to perform remote code execution, an attacker may also desire to perform privilege escalating actions. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-6327"}, "references": [{"id": "CVE-2017-6327", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-6327"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Symantec Messaging Gateway", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Symantec", "vulnerabilityName": "Symantec Messaging Gateway Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b1987193-7ae0-414f-81e1-7fff54f3125e", "vulnerability": {"vulnId": "CVE-2020-5735", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b1987193-7ae0-414f-81e1-7fff54f3125e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability | Affected: Amcrest / Cameras and Network Video Recorder (NVR) | Description: Amcrest cameras and NVR contain a stack-based buffer overflow vulnerability through port 37777 that allows an unauthenticated, remote attacker to crash the device and possibly execute code. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-5735"}, "references": [{"id": "CVE-2020-5735", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-5735"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-121"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Cameras and Network Video Recorder (NVR)", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Amcrest", "vulnerabilityName": "Amcrest Cameras and NVR Stack-based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b199d970-f059-4e88-b16c-082166b79fc1", "vulnerability": {"vulnId": "CVE-2021-30663", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b199d970-f059-4e88-b16c-082166b79fc1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products WebKit Integer Overflow Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30663"}, "references": [{"id": "CVE-2021-30663", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30663"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-190"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products WebKit Integer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b2516fc5-6d22-4f70-b1d9-8cb2e61d9823", "vulnerability": {"vulnId": "CVE-2021-21166", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b2516fc5-6d22-4f70-b1d9-8cb2e61d9823", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium Race Condition Vulnerability | Affected: Google / Chromium | Description: Google Chromium contains a race condition vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-21166"}, "references": [{"id": "CVE-2021-21166", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-21166"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122", "CWE-362"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium Race Condition Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "594b802f-4924-4418-81ec-9491c0cb9aa9", "vulnerability": {"vulnId": "CVE-2021-31956", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "594b802f-4924-4418-81ec-9491c0cb9aa9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows NTFS Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows New Technology File System (NTFS) contains an unspecified vulnerability that allows attackers to escalate privileges via a specially crafted application. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-31956"}, "references": [{"id": "CVE-2021-31956", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-31956"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-191", "CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows NTFS Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b51135c0-a8fc-4169-9efd-17a883b6e8ea", "vulnerability": {"vulnId": "CVE-2018-15961", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b51135c0-a8fc-4169-9efd-17a883b6e8ea", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe ColdFusion Unrestricted File Upload Vulnerability | Affected: Adobe / ColdFusion | Description: Adobe ColdFusion contains an unrestricted file upload vulnerability that could allow for code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-15961"}, "references": [{"id": "CVE-2018-15961", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-15961"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ColdFusion", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe ColdFusion Unrestricted File Upload Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b51aa925-7438-444b-b0f8-405aba260e3e", "vulnerability": {"vulnId": "CVE-2021-33739", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b51aa925-7438-444b-b0f8-405aba260e3e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Desktop Window Manager (DWM) Core Library contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-33739"}, "references": [{"id": "CVE-2021-33739", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-33739"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Desktop Window Manager (DWM) Core Library Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b561140e-8dd9-43e7-9562-b4af776a014b", "vulnerability": {"vulnId": "CVE-2016-3643", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b561140e-8dd9-43e7-9562-b4af776a014b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SolarWinds Virtualization Manager Privilege Escalation Vulnerability | Affected: SolarWinds / Virtualization Manager | Description: SolarWinds Virtualization Manager allows for privilege escalation through leveraging a misconfiguration of sudo. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-3643"}, "references": [{"id": "CVE-2016-3643", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-3643"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Virtualization Manager", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SolarWinds", "vulnerabilityName": "SolarWinds Virtualization Manager Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4285bbd7-e823-4a4c-9524-1c885272a244", "vulnerability": {"vulnId": "CVE-2020-6418", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4285bbd7-e823-4a4c-9524-1c885272a244", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-6418"}, "references": [{"id": "CVE-2020-6418", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-6418"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "69c7147d-f00d-4195-bbc3-16a181f5c9cf", "vulnerability": {"vulnId": "CVE-2017-9822", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "69c7147d-f00d-4195-bbc3-16a181f5c9cf", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: DotNetNuke (DNN) Remote Code Execution Vulnerability | Affected: DotNetNuke (DNN) / DotNetNuke (DNN) | Description: DotNetNuke (DNN) contains a vulnerability that may allow for remote code execution via cookie deserialization. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-9822"}, "references": [{"id": "CVE-2017-9822", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-9822"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DotNetNuke (DNN)", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "DotNetNuke (DNN)", "vulnerabilityName": "DotNetNuke (DNN) Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "b5db12cd-d642-4411-8fa1-e58c3a0cc189", "vulnerability": {"vulnId": "CVE-2020-16010", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b5db12cd-d642-4411-8fa1-e58c3a0cc189", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chrome for Android UI Heap Buffer Overflow Vulnerability | Affected: Google / Chrome for Android UI | Description: Google Chrome for Android UI contains a heap buffer overflow vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-16010"}, "references": [{"id": "CVE-2020-16010", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-16010"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chrome for Android UI", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chrome for Android UI Heap Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b726da81-c382-4a4d-ad0b-79303e0c93c9", "vulnerability": {"vulnId": "CVE-2019-15752", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b726da81-c382-4a4d-ad0b-79303e0c93c9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Docker Desktop Community Edition Privilege Escalation Vulnerability | Affected: Docker / Desktop Community Edition | Description: Docker Desktop Community Edition contains a vulnerability that may allow local users to escalate privileges by placing a trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\\DockerDesktop\\version-bin\\. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-15752"}, "references": [{"id": "CVE-2019-15752", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-15752"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-732"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Desktop Community Edition", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Docker", "vulnerabilityName": "Docker Desktop Community Edition Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "b7439daa-64bf-4036-b29e-8bf27c4fc7ac", "vulnerability": {"vulnId": "CVE-2021-27085", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "b7439daa-64bf-4036-b29e-8bf27c4fc7ac", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Remote Code Execution Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains an unspecified vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-27085"}, "references": [{"id": "CVE-2021-27085", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27085"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6927f314-64d5-4b34-921a-a8411ce66416", "vulnerability": {"vulnId": "CVE-2018-4878", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6927f314-64d5-4b34-921a-a8411ce66416", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Flash Player Use-After-Free Vulnerability | Affected: Adobe / Flash Player | Description: Adobe Flash Player contains a use-after-free vulnerability that could allow for code execution. | Required action: The impacted product is end-of-life and should be disconnected if still in use. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-4878"}, "references": [{"id": "CVE-2018-4878", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-4878"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Flash Player", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Flash Player Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "869243cd-fbdf-4fd3-8b94-05868bdc96a3", "vulnerability": {"vulnId": "CVE-2020-10181", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "869243cd-fbdf-4fd3-8b94-05868bdc96a3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Sumavision EMR Cross-Site Request Forgery (CSRF) Vulnerability | Affected: Sumavision / Enhanced Multimedia Router (EMR) | Description: Sumavision Enhanced Multimedia Router (EMR) contains a cross-site request forgery (CSRF) vulnerability allowing the creation of users with elevated privileges as administrator on a device. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-10181"}, "references": [{"id": "CVE-2020-10181", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-10181"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-352"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Enhanced Multimedia Router (EMR)", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Sumavision", "vulnerabilityName": "Sumavision EMR Cross-Site Request Forgery (CSRF) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2422b396-20bd-4262-9a81-d990337fc562", "vulnerability": {"vulnId": "CVE-2020-1020", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2422b396-20bd-4262-9a81-d990337fc562", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Adobe Font Manager Library contains an unspecified vulnerability when handling specially crafted multi-master fonts (Adobe Type 1 PostScript format) that allows for remote code execution for all systems except Windows 10. For systems running Windows 10, an attacker who successfully exploited the vulnerability could execute code in an AppContainer sandbox context with limited privileges and capabilities. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-1020"}, "references": [{"id": "CVE-2020-1020", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-1020"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Adobe Font Manager Library Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "371a464c-9ef3-46fe-85ff-e6b11dadaf5f", "vulnerability": {"vulnId": "CVE-2018-0798", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "371a464c-9ef3-46fe-85ff-e6b11dadaf5f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Memory Corruption Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0802. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0798"}, "references": [{"id": "CVE-2018-0798", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0798"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fd28ef50-3079-426e-8645-7be50d46c6d8", "vulnerability": {"vulnId": "CVE-2019-0808", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fd28ef50-3079-426e-8645-7be50d46c6d8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Microsoft Win32k contains a privilege escalation vulnerability due to the component failing to properly handle objects in memory. Successful exploitation allows an attacker to run code in kernel mode. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-0808"}, "references": [{"id": "CVE-2019-0808", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0808"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "570053cd-73f1-4c7b-97ec-edc61922f285", "vulnerability": {"vulnId": "CVE-2019-3398", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "570053cd-73f1-4c7b-97ec-edc61922f285", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Atlassian Confluence Server and Data Center Path Traversal Vulnerability | Affected: Atlassian / Confluence Server and Data Center | Description: Atlassian Confluence Server and Data Center contain a path traversal vulnerability in the downloadallattachments resource that may allow a privileged, remote attacker to write files. Exploitation can lead to remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-3398"}, "references": [{"id": "CVE-2019-3398", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-3398"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Confluence Server and Data Center", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Atlassian", "vulnerabilityName": "Atlassian Confluence Server and Data Center Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "352bf46a-cf99-4064-b345-0f6324c9ad58", "vulnerability": {"vulnId": "CVE-2021-22986", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "352bf46a-cf99-4064-b345-0f6324c9ad58", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability | Affected: F5 / BIG-IP and BIG-IQ Centralized Management | Description: F5 BIG-IP and BIG-IQ Centralized Management contain a remote code execution vulnerability in the iControl REST interface that allows unauthenticated attackers with network access to execute system commands, create or delete files, and disable services. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-22986"}, "references": [{"id": "CVE-2021-22986", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22986"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-863"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "BIG-IP and BIG-IQ Centralized Management", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "F5", "vulnerabilityName": "F5 BIG-IP and BIG-IQ Centralized Management iControl REST Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "8f1fb298-75c2-40c1-94a6-77d15102dd50", "vulnerability": {"vulnId": "CVE-2012-3152", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8f1fb298-75c2-40c1-94a6-77d15102dd50", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Fusion Middleware Unspecified Vulnerability | Affected: Oracle / Fusion Middleware | Description: Oracle Fusion Middleware Reports Developer contains an unspecified vulnerability that allows remote attackers to affect confidentiality and integrity of affected systems. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2012-3152"}, "references": [{"id": "CVE-2012-3152", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2012-3152"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Fusion Middleware", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Fusion Middleware Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "66c21dac-31a1-4d9a-adbb-50968c33d311", "vulnerability": {"vulnId": "CVE-2021-35464", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "66c21dac-31a1-4d9a-adbb-50968c33d311", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability | Affected: ForgeRock / Access Management (AM) | Description: ForgeRock Access Management (AM) Core Server allows an attacker who sends a specially crafted HTTP request to one of three endpoints (/ccversion/Version, /ccversion/Masthead, or /ccversion/ButtonFrame) to execute code in the context of the current user (unless ForgeRock AM is running as root user, which the vendor does not recommend). | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-35464"}, "references": [{"id": "CVE-2021-35464", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-35464"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Access Management (AM)", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "ForgeRock", "vulnerabilityName": "ForgeRock Access Management (AM) Core Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "ba971441-cc2f-48ae-adba-9e3b32417dc8", "vulnerability": {"vulnId": "CVE-2021-30554", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ba971441-cc2f-48ae-adba-9e3b32417dc8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium WebGL Use-After-Free Vulnerability | Affected: Google / Chromium WebGL | Description: Google Chromium WebGL contains a use-after-free vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30554"}, "references": [{"id": "CVE-2021-30554", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30554"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium WebGL", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium WebGL Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bb82a999-e6ea-4328-a873-eb36674501cf", "vulnerability": {"vulnId": "CVE-2020-3992", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bb82a999-e6ea-4328-a873-eb36674501cf", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware ESXi OpenSLP Use-After-Free Vulnerability | Affected: VMware / ESXi | Description: VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-3992"}, "references": [{"id": "CVE-2020-3992", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3992"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ESXi", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "VMware", "vulnerabilityName": "VMware ESXi OpenSLP Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "bc0dbb5d-f75c-4af4-b98a-c070599eca8a", "vulnerability": {"vulnId": "CVE-2015-4852", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bc0dbb5d-f75c-4af4-b98a-c070599eca8a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability | Affected: Oracle / WebLogic Server | Description: Oracle WebLogic Server contains a deserialization of untrusted data vulnerability within Apache Commons, which can allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-4852"}, "references": [{"id": "CVE-2015-4852", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-4852"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WebLogic Server", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Oracle", "vulnerabilityName": "Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2f8661ac-d86b-46a4-8193-21b389ff594e", "vulnerability": {"vulnId": "CVE-2020-4006", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2f8661ac-d86b-46a4-8193-21b389ff594e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Multiple VMware Products Command Injection Vulnerability | Affected: VMware / Multiple Products | Description: VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-4006"}, "references": [{"id": "CVE-2020-4006", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-4006"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "VMware", "vulnerabilityName": "Multiple VMware Products Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "64c5a2b7-fcc4-4659-835b-83d0cdcc8809", "vulnerability": {"vulnId": "CVE-2019-0803", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "64c5a2b7-fcc4-4659-835b-83d0cdcc8809", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Microsoft Win32k contains an unspecified vulnerability due to it failing to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-0803"}, "references": [{"id": "CVE-2019-0803", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0803"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bcef49f2-23ef-41d7-bfbd-17399d5d6596", "vulnerability": {"vulnId": "CVE-2021-1497", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bcef49f2-23ef-41d7-bfbd-17399d5d6596", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability | Affected: Cisco / HyperFlex HX | Description: Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the root user. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-1497"}, "references": [{"id": "CVE-2021-1497", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1497"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "HyperFlex HX", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco HyperFlex HX Installer Virtual Machine Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "63a0ab2a-278a-4439-834b-ede184c7a942", "vulnerability": {"vulnId": "CVE-2021-35395", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "63a0ab2a-278a-4439-834b-ede184c7a942", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Realtek AP-Router SDK Buffer Overflow Vulnerability | Affected: Realtek / AP-Router SDK | Description: Realtek AP-Router SDK HTTP web server boa contains a buffer overflow vulnerability due to unsafe copies of some overly long parameters submitted in the form that lead to denial-of-service (DoS). | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-35395"}, "references": [{"id": "CVE-2021-35395", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-35395"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "AP-Router SDK", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Realtek", "vulnerabilityName": "Realtek AP-Router SDK Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "03191d5d-a225-435a-bb3e-cb4cf171c02d", "vulnerability": {"vulnId": "CVE-2020-8657", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "03191d5d-a225-435a-bb3e-cb4cf171c02d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: EyesOfNetwork Use of Hard-Coded Credentials Vulnerability | Affected: EyesOfNetwork / EyesOfNetwork | Description: EyesOfNetwork contains a use of hard-coded credentials vulnerability, as it uses the same API key by default. Exploitation allows an attacker to calculate or guess the admin access token. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-8657"}, "references": [{"id": "CVE-2020-8657", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8657"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-798"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "EyesOfNetwork", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "EyesOfNetwork", "vulnerabilityName": "EyesOfNetwork Use of Hard-Coded Credentials Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d6804d7c-c725-464b-a5c6-41d46a8d59fc", "vulnerability": {"vulnId": "CVE-2010-5326", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d6804d7c-c725-464b-a5c6-41d46a8d59fc", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP NetWeaver Remote Code Execution Vulnerability | Affected: SAP / NetWeaver | Description: SAP NetWeaver Application Server Java Platforms Invoker Servlet does not require authentication, allowing for remote code execution via an HTTP or HTTPS request. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2010-5326"}, "references": [{"id": "CVE-2010-5326", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2010-5326"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetWeaver", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SAP", "vulnerabilityName": "SAP NetWeaver Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "621fc5ec-46bc-44c3-9772-928169f89fb7", "vulnerability": {"vulnId": "CVE-2014-1812", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "621fc5ec-46bc-44c3-9772-928169f89fb7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Active Directory contains a privilege escalation vulnerability due to the way it distributes passwords that are configured using Group Policy preferences. An authenticated attacker who successfully exploits the vulnerability could decrypt the passwords and use them to elevate privileges on the domain. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2014-1812"}, "references": [{"id": "CVE-2014-1812", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2014-1812"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-255"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Group Policy Preferences Password Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "bdc4327f-58b2-466a-ae76-b26643cb37fe", "vulnerability": {"vulnId": "CVE-2021-40444", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bdc4327f-58b2-466a-ae76-b26643cb37fe", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft MSHTML Remote Code Execution Vulnerability | Affected: Microsoft / MSHTML | Description: Microsoft MSHTML contains an unspecified vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-40444"}, "references": [{"id": "CVE-2021-40444", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-40444"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "MSHTML", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft MSHTML Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "7008e941-7eb2-4bcd-a503-6c26613763ca", "vulnerability": {"vulnId": "CVE-2019-16759", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7008e941-7eb2-4bcd-a503-6c26613763ca", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: vBulletin PHP Module Remote Code Execution Vulnerability | Affected: vBulletin / vBulletin | Description: The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-16759"}, "references": [{"id": "CVE-2019-16759", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-16759"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vBulletin", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "vBulletin", "vulnerabilityName": "vBulletin PHP Module Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5e9a7a96-a30e-4d33-8fbf-e725edef43df", "vulnerability": {"vulnId": "CVE-2020-27930", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5e9a7a96-a30e-4d33-8fbf-e725edef43df", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Memory Corruption Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing a maliciously crafted font. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-27930"}, "references": [{"id": "CVE-2020-27930", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-27930"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "bfff3cac-e54c-44d9-a0ed-c026a0e2f93c", "vulnerability": {"vulnId": "CVE-2020-9818", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "bfff3cac-e54c-44d9-a0ed-c026a0e2f93c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability | Affected: Apple / iOS, iPadOS, and watchOS | Description: Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-9818"}, "references": [{"id": "CVE-2020-9818", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-9818"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS, iPadOS, and watchOS", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c00c3d8d-d9fa-4c6b-b7ae-ced05cfe4afa", "vulnerability": {"vulnId": "CVE-2020-5849", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c00c3d8d-d9fa-4c6b-b7ae-ced05cfe4afa", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Unraid Authentication Bypass Vulnerability | Affected: Unraid / Unraid | Description: Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-5849"}, "references": [{"id": "CVE-2020-5849", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-5849"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287", "CWE-697"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Unraid", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Unraid", "vulnerabilityName": "Unraid Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "aa41eeca-49c6-4f4a-b1f9-2f04942bb240", "vulnerability": {"vulnId": "CVE-2017-11882", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "aa41eeca-49c6-4f4a-b1f9-2f04942bb240", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Memory Corruption Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office contains a memory corruption vulnerability that allows remote code execution in the context of the current user. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-11882"}, "references": [{"id": "CVE-2017-11882", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-11882"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "1f356c9f-dc01-4733-9882-f8246d031565", "vulnerability": {"vulnId": "CVE-2020-3566", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1f356c9f-dc01-4733-9882-f8246d031565", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability | Affected: Cisco / IOS XR | Description: Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-3566"}, "references": [{"id": "CVE-2020-3566", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3566"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-400"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS XR", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c6db78c6-b742-4dae-8507-8e235d2514a6", "vulnerability": {"vulnId": "CVE-2021-30860", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c6db78c6-b742-4dae-8507-8e235d2514a6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Integer Overflow Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30860"}, "references": [{"id": "CVE-2021-30860", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30860"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-190"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Integer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c2d8891c-51f0-4b31-880b-88ae1cc603f9", "vulnerability": {"vulnId": "CVE-2021-27059", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c2d8891c-51f0-4b31-880b-88ae1cc603f9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Remote Code Execution Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office contains an unspecified vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-27059"}, "references": [{"id": "CVE-2021-27059", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27059"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c5664c96-b3ed-49d9-8959-d90f8b742d15", "vulnerability": {"vulnId": "CVE-2021-42258", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c5664c96-b3ed-49d9-8959-d90f8b742d15", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: BQE BillQuick Web Suite SQL Injection Vulnerability | Affected: BQE / BillQuick Web Suite | Description: BQE BillQuick Web Suite contains an SQL injection vulnerability when accessing the username parameter that may allow for unauthenticated, remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-42258"}, "references": [{"id": "CVE-2021-42258", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-42258"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "BillQuick Web Suite", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "BQE", "vulnerabilityName": "BQE BillQuick Web Suite SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "c5a55a99-a8a1-4cb4-9a06-091101108ace", "vulnerability": {"vulnId": "CVE-2020-12812", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c5a55a99-a8a1-4cb4-9a06-091101108ace", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Fortinet FortiOS SSL VPN Improper Authentication Vulnerability | Affected: Fortinet / FortiOS | Description: Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-12812"}, "references": [{"id": "CVE-2020-12812", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-12812"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-178", "CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FortiOS", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Fortinet", "vulnerabilityName": "Fortinet FortiOS SSL VPN Improper Authentication Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "c7343d52-dd13-4321-947f-fb29745f05d2", "vulnerability": {"vulnId": "CVE-2021-21148", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c7343d52-dd13-4321-947f-fb29745f05d2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Heap Buffer Overflow Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains a heap buffer overflow vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-21148"}, "references": [{"id": "CVE-2021-21148", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-21148"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Heap Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ddc64a36-fa4b-44b6-aeed-22cf0b07b28e", "vulnerability": {"vulnId": "CVE-2021-31207", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ddc64a36-fa4b-44b6-aeed-22cf0b07b28e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Exchange Server Security Feature Bypass Vulnerability | Affected: Microsoft / Exchange Server | Description: Microsoft Exchange Server contains an unspecified vulnerability that allows for security feature bypass. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-31207"}, "references": [{"id": "CVE-2021-31207", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-31207"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exchange Server", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Exchange Server Security Feature Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "fd98c742-c296-4f75-878c-9671726e5bf1", "vulnerability": {"vulnId": "CVE-2019-2215", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fd98c742-c296-4f75-878c-9671726e5bf1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Android Kernel Use-After-Free Vulnerability | Affected: Android / Android Kernel | Description: Android Kernel contains a use-after-free vulnerability in binder.c that allows for privilege escalation from an application to the Linux Kernel. This vulnerability was observed chained with CVE-2020-0041 and CVE-2020-0069 under exploit chain \"AbstractEmu.\" | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-2215"}, "references": [{"id": "CVE-2019-2215", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-2215"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Android Kernel", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Android", "vulnerabilityName": "Android Kernel Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "548dfd1f-9d8f-40c3-a085-d2a6de461279", "vulnerability": {"vulnId": "CVE-2021-1870", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "548dfd1f-9d8f-40c3-a085-d2a6de461279", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability | Affected: Apple / iOS, iPadOS, and macOS | Description: Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-1870"}, "references": [{"id": "CVE-2021-1870", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1870"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-1173"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS, iPadOS, and macOS", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c943b03e-cf91-4347-bb52-de0315c940f9", "vulnerability": {"vulnId": "CVE-2021-38003", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c943b03e-cf91-4347-bb52-de0315c940f9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Memory Corruption Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine has a bug in JSON.stringify, where the internal TheHole value can leak to script code, causing memory corruption. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-38003"}, "references": [{"id": "CVE-2021-38003", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-38003"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122", "CWE-755"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "53c9f7fb-ac8c-425f-a76f-45b8d371cbed", "vulnerability": {"vulnId": "CVE-2021-37976", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "53c9f7fb-ac8c-425f-a76f-45b8d371cbed", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium Information Disclosure Vulnerability | Affected: Google / Chromium | Description: Google Chromium contains an information disclosure vulnerability within the core memory component that allows a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-37976"}, "references": [{"id": "CVE-2021-37976", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-37976"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-862"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c99d5937-a1fb-4dd9-8207-4b87184e9636", "vulnerability": {"vulnId": "CVE-2019-3396", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c99d5937-a1fb-4dd9-8207-4b87184e9636", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability | Affected: Atlassian / Confluence Server and Data Server | Description: Atlassian Confluence Server and Data Center contain a server-side template injection vulnerability that may allow an attacker to achieve path traversal and remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-3396"}, "references": [{"id": "CVE-2019-3396", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-3396"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Confluence Server and Data Server", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Atlassian", "vulnerabilityName": "Atlassian Confluence Server and Data Center Server-Side Template Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "01ed1b9b-16c0-4e50-a647-7d8c42f74a4f", "vulnerability": {"vulnId": "CVE-2021-1906", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "01ed1b9b-16c0-4e50-a647-7d8c42f74a4f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability | Affected: Qualcomm / Multiple Chipsets | Description: Multiple Qualcomm chipsets contain a detection of error condition without action vulnerability when improper handling of address deregistration on failure can lead to new GPU address allocation failure. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-1906"}, "references": [{"id": "CVE-2021-1906", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1906"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-390"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Chipsets", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Qualcomm", "vulnerabilityName": "Qualcomm Multiple Chipsets Detection of Error Condition Without Action Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a51db83f-2e06-40eb-a4e7-63e914498f49", "vulnerability": {"vulnId": "CVE-2020-8644", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a51db83f-2e06-40eb-a4e7-63e914498f49", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: PlaySMS Server-Side Template Injection Vulnerability | Affected: PlaySMS / PlaySMS | Description: PlaySMS contains a server-side template injection vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-8644"}, "references": [{"id": "CVE-2020-8644", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8644"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-94"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "PlaySMS", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "PlaySMS", "vulnerabilityName": "PlaySMS Server-Side Template Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "aa3652eb-c8d3-48b2-8cc5-883075b91233", "vulnerability": {"vulnId": "CVE-2020-25506", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "aa3652eb-c8d3-48b2-8cc5-883075b91233", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DNS-320 Device Command Injection Vulnerability | Affected: D-Link / DNS-320 Device | Description: D-Link DNS-320 device contains a command injection vulnerability in the system_mgr.cgi component that may allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-25506"}, "references": [{"id": "CVE-2020-25506", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-25506"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DNS-320 Device", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DNS-320 Device Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "51fed59d-b965-46d3-8813-c8e4508968e2", "vulnerability": {"vulnId": "CVE-2021-1647", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "51fed59d-b965-46d3-8813-c8e4508968e2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Defender Remote Code Execution Vulnerability | Affected: Microsoft / Defender | Description: Microsoft Defender contains an unspecified vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-1647"}, "references": [{"id": "CVE-2021-1647", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1647"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122", "CWE-1285"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Defender", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Defender Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7ca4c7ee-d77d-434a-a960-3455d59c6ede", "vulnerability": {"vulnId": "CVE-2020-3569", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7ca4c7ee-d77d-434a-a960-3455d59c6ede", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability | Affected: Cisco / IOS XR | Description: Cisco IOS XR Distance Vector Multicast Routing Protocol (DVMRP) incorrectly handles Internet Group Management Protocol (IGMP) packets. Exploitation could allow an unauthenticated, remote attacker to immediately crash the IGMP process or make it consume available memory and eventually crash. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-3569"}, "references": [{"id": "CVE-2020-3569", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3569"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-400"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS XR", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4c92187f-8bd3-4205-85b3-a1a32d7f344b", "vulnerability": {"vulnId": "CVE-2020-5902", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4c92187f-8bd3-4205-85b3-a1a32d7f344b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability | Affected: F5 / BIG-IP | Description: F5 BIG-IP Traffic Management User Interface (TMUI) contains a remote code execution vulnerability in undisclosed pages. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-5902"}, "references": [{"id": "CVE-2020-5902", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-5902"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "BIG-IP", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "F5", "vulnerabilityName": "F5 BIG-IP Traffic Management User Interface (TMUI) Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "421ea336-9aca-496d-a5a9-c9b8cdb5a7ad", "vulnerability": {"vulnId": "CVE-2020-8196", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "421ea336-9aca-496d-a5a9-c9b8cdb5a7ad", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability | Affected: Citrix / Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance | Description: Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an information disclosure vulnerability. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-8196"}, "references": [{"id": "CVE-2020-8196", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8196"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Citrix", "vulnerabilityName": "Citrix ADC, Gateway, and SD-WAN WANOP Appliance Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2a0bd7ad-6f5f-4a71-a655-18c6357b831a", "vulnerability": {"vulnId": "CVE-2020-3452", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2a0bd7ad-6f5f-4a71-a655-18c6357b831a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco ASA and FTD Read-Only Path Traversal Vulnerability | Affected: Cisco / Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Description: Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an improper input validation vulnerability when HTTP requests process URLs.  An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-3452"}, "references": [{"id": "CVE-2020-3452", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3452"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco ASA and FTD Read-Only Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "a92b4eea-f16e-45f2-9e2c-a4f00fa5fd99", "vulnerability": {"vulnId": "CVE-2021-40539", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a92b4eea-f16e-45f2-9e2c-a4f00fa5fd99", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability | Affected: Zoho / ManageEngine | Description: Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-40539"}, "references": [{"id": "CVE-2021-40539", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-40539"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-55"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ManageEngine", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Zoho", "vulnerabilityName": "Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "d2ba95e6-fcde-4d18-943a-bd030d0aff30", "vulnerability": {"vulnId": "CVE-2020-11651", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d2ba95e6-fcde-4d18-943a-bd030d0aff30", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SaltStack Salt Authentication Bypass Vulnerability | Affected: SaltStack / Salt | Description: SaltStack Salt contains an authentication bypass vulnerability in the salt-master process ClearFuncs due to improperly validating method calls. The vulnerability allows a remote user to access some methods without authentication, which can be used to retrieve user tokens from the salt master and/or run commands on salt minions. Salt users who follow fundamental internet security guidelines and best practices are not affected by this vulnerability. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-11651"}, "references": [{"id": "CVE-2020-11651", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-11651"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Salt", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SaltStack", "vulnerabilityName": "SaltStack Salt Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4684d478-d39b-40b9-a036-3c04054cf779", "vulnerability": {"vulnId": "CVE-2019-1214", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4684d478-d39b-40b9-a036-3c04054cf779", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Common Log File System (CLFS) driver improperly handles objects in memory which can allow for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1214"}, "references": [{"id": "CVE-2019-1214", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1214"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Privilege Common Log File System (CLFS) Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d3e89ed9-ff38-41af-806c-a27c719e1f6c", "vulnerability": {"vulnId": "CVE-2020-4430", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d3e89ed9-ff38-41af-806c-a27c719e1f6c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: IBM Data Risk Manager Directory Traversal Vulnerability | Affected: IBM / Data Risk Manager | Description: IBM Data Risk Manager contains a directory traversal vulnerability that could allow a remote authenticated attacker to traverse directories and send a specially crafted URL request to download arbitrary files from the system. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-4430"}, "references": [{"id": "CVE-2020-4430", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-4430"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Data Risk Manager", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "IBM", "vulnerabilityName": "IBM Data Risk Manager Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d5766c00-ba5b-4967-a629-cdac22fe2f67", "vulnerability": {"vulnId": "CVE-2020-8467", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d5766c00-ba5b-4967-a629-cdac22fe2f67", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability | Affected: Trend Micro / Apex One and OfficeScan | Description: Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-8467"}, "references": [{"id": "CVE-2020-8467", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8467"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Apex One and OfficeScan", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "313f3d31-e00a-4b7d-a01d-b60308d0fe0f", "vulnerability": {"vulnId": "CVE-2019-0541", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "313f3d31-e00a-4b7d-a01d-b60308d0fe0f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft MSHTML Remote Code Execution Vulnerability | Affected: Microsoft / MSHTML | Description: Microsoft MSHTML engine contains an improper input validation vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-0541"}, "references": [{"id": "CVE-2019-0541", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0541"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-77"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "MSHTML", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft MSHTML Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3f81bf7d-bf6c-4006-b7b5-ed327ae5002f", "vulnerability": {"vulnId": "CVE-2020-3161", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3f81bf7d-bf6c-4006-b7b5-ed327ae5002f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability | Affected: Cisco / Cisco IP Phones | Description: Cisco IP Phones contain an improper input validation vulnerability for HTTP requests. Exploitation could allow an attacker to execute code remotely with root privileges or cause a denial-of-service (DoS) condition. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-3161"}, "references": [{"id": "CVE-2020-3161", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3161"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Cisco IP Phones", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IP Phones Web Server Remote Code Execution and Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d8b42595-8ff2-4057-8515-24ed093b1f62", "vulnerability": {"vulnId": "CVE-2018-15811", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d8b42595-8ff2-4057-8515-24ed093b1f62", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability | Affected: DotNetNuke (DNN) / DotNetNuke (DNN) | Description: DotNetNuke (DNN) contains an inadequate encryption strength vulnerability resulting from the use of a weak encryption algorithm to protect input parameters. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-15811"}, "references": [{"id": "CVE-2018-15811", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-15811"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-326"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DotNetNuke (DNN)", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "DotNetNuke (DNN)", "vulnerabilityName": "DotNetNuke (DNN) Inadequate Encryption Strength Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d8d4bf5a-324b-4e70-bab3-be55d588d75d", "vulnerability": {"vulnId": "CVE-2021-34523", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d8d4bf5a-324b-4e70-bab3-be55d588d75d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Exchange Server Privilege Escalation Vulnerability | Affected: Microsoft / Exchange Server | Description: Microsoft Exchange Server contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-34523"}, "references": [{"id": "CVE-2021-34523", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-34523"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-287"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exchange Server", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Exchange Server Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "a8b1ceb0-33bd-4c83-8017-f942289e9aca", "vulnerability": {"vulnId": "CVE-2021-23874", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a8b1ceb0-33bd-4c83-8017-f942289e9aca", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: McAfee Total Protection (MTP) Improper Privilege Management Vulnerability | Affected: McAfee / McAfee Total Protection (MTP) | Description: McAfee Total Protection (MTP) contains an improper privilege management vulnerability that allows a local user to gain elevated privileges and execute code, bypassing MTP self-defense. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-23874"}, "references": [{"id": "CVE-2021-23874", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-23874"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "McAfee Total Protection (MTP)", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "McAfee", "vulnerabilityName": "McAfee Total Protection (MTP) Improper Privilege Management Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3dd0fd7e-5f32-4d1d-9f44-a1a29343d841", "vulnerability": {"vulnId": "CVE-2016-4437", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3dd0fd7e-5f32-4d1d-9f44-a1a29343d841", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Shiro Code Execution Vulnerability | Affected: Apache / Shiro | Description: Apache Shiro contains a vulnerability which may allow remote attackers to execute code or bypass intended access restrictions via an unspecified request parameter when a cipher key has not been configured for the \"remember me\" feature. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-4437"}, "references": [{"id": "CVE-2016-4437", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-4437"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-284"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Shiro", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Apache", "vulnerabilityName": "Apache Shiro Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "da38d7ee-f4cd-4e40-8456-67b842100b8c", "vulnerability": {"vulnId": "CVE-2021-30858", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "da38d7ee-f4cd-4e40-8456-67b842100b8c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS, iPadOS, macOS Use-After-Free Vulnerability | Affected: Apple / iOS, iPadOS, and macOS | Description: Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30858"}, "references": [{"id": "CVE-2021-30858", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30858"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS, iPadOS, and macOS", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS, iPadOS, macOS Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "dac68c8d-67b2-4e34-957d-6942e3e44c11", "vulnerability": {"vulnId": "CVE-2020-10987", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "dac68c8d-67b2-4e34-957d-6942e3e44c11", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability | Affected: Tenda / AC1900 Router AC15 Model | Description: Tenda AC1900 Router AC15 Model contains an unspecified vulnerability that allows remote attackers to execute system commands via the deviceName POST parameter. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-10987"}, "references": [{"id": "CVE-2020-10987", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-10987"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "AC1900 Router AC15 Model", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Tenda", "vulnerabilityName": "Tenda AC1900 Router AC15 Model Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "3c47408e-1894-4843-a6d9-9af5967620b8", "vulnerability": {"vulnId": "CVE-2020-10148", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3c47408e-1894-4843-a6d9-9af5967620b8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SolarWinds Orion Authentication Bypass Vulnerability | Affected: SolarWinds / Orion | Description: SolarWinds Orion API contains an authentication bypass vulnerability that could allow a remote attacker to execute API commands. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-10148"}, "references": [{"id": "CVE-2020-10148", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-10148"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-288"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Orion", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SolarWinds", "vulnerabilityName": "SolarWinds Orion Authentication Bypass Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "dc390748-0edb-4e94-9082-36aca30caab0", "vulnerability": {"vulnId": "CVE-2021-28663", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "dc390748-0edb-4e94-9082-36aca30caab0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability | Affected: Arm / Mali Graphics Processing Unit (GPU) | Description: Arm Mali Graphics Processing Unit (GPU) kernel driver contains a use-after-free vulnerability that may allow a non-privileged user to make improper operations on GPU memory to gain root privilege, and/or disclose information. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-28663"}, "references": [{"id": "CVE-2021-28663", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-28663"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mali Graphics Processing Unit (GPU)", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Arm", "vulnerabilityName": "Arm Mali Graphics Processing Unit (GPU) Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "8334d983-008d-4ea6-b7dd-c22fdca7871d", "vulnerability": {"vulnId": "CVE-2020-8655", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "8334d983-008d-4ea6-b7dd-c22fdca7871d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: EyesOfNetwork Improper Privilege Management Vulnerability | Affected: EyesOfNetwork / EyesOfNetwork | Description: EyesOfNetwork contains an improper privilege management vulnerability that may allow a user to run commands as root via a crafted Nmap Scripting Engine (NSE) script to nmap7. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-8655"}, "references": [{"id": "CVE-2020-8655", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8655"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "EyesOfNetwork", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "EyesOfNetwork", "vulnerabilityName": "EyesOfNetwork Improper Privilege Management Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "338ebb05-17b5-49da-8821-a394647063f7", "vulnerability": {"vulnId": "CVE-2021-31979", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "338ebb05-17b5-49da-8821-a394647063f7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Kernel Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows kernel contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-31979"}, "references": [{"id": "CVE-2021-31979", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-31979"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "dd343d83-c502-493d-9322-f94f396df340", "vulnerability": {"vulnId": "CVE-2019-13608", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "dd343d83-c502-493d-9322-f94f396df340", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability | Affected: Citrix / StoreFront Server | Description: Citrix StoreFront Server contains an XML External Entity (XXE) processing vulnerability that may allow an unauthenticated attacker to retrieve potentially sensitive information. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-13608"}, "references": [{"id": "CVE-2019-13608", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-13608"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-611"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "StoreFront Server", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Citrix", "vulnerabilityName": "Citrix StoreFront Server XML External Entity (XXE) Processing Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "dda02550-c9bf-4073-9052-d2767c1d7619", "vulnerability": {"vulnId": "CVE-2020-12271", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "dda02550-c9bf-4073-9052-d2767c1d7619", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Sophos SFOS SQL Injection Vulnerability | Affected: Sophos / SFOS | Description: Sophos Firewall operating system (SFOS) firmware contains a SQL injection vulnerability when configured with either the administration (HTTPS) service or the User Portal exposed on the WAN zone. Successful exploitation may cause remote code execution to exfiltrate usernames and hashed passwords for the local device admin(s), portal admins, and user accounts used for remote access (but not external Active Directory or LDAP passwords). | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-12271"}, "references": [{"id": "CVE-2020-12271", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-12271"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SFOS", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Sophos", "vulnerabilityName": "Sophos SFOS SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "3a012bbc-3029-4044-afae-7815837c96dd", "vulnerability": {"vulnId": "CVE-2021-30633", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3a012bbc-3029-4044-afae-7815837c96dd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium Indexed DB API Use-After-Free Vulnerability | Affected: Google / Chromium Indexed DB API | Description: Google Chromium Indexed DB API contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30633"}, "references": [{"id": "CVE-2021-30633", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30633"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium Indexed DB API", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium Indexed DB API Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "386b2d98-fd34-49b6-a736-e7d072497ee5", "vulnerability": {"vulnId": "CVE-2017-5638", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "386b2d98-fd34-49b6-a736-e7d072497ee5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Struts Remote Code Execution Vulnerability | Affected: Apache / Struts | Description: Apache Struts Jakarta Multipart parser allows for malicious file upload using the Content-Type value, leading to remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-5638"}, "references": [{"id": "CVE-2017-5638", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-5638"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Struts", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Apache", "vulnerabilityName": "Apache Struts Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "0b2e004d-caa2-468d-ab80-e46fa4bcda05", "vulnerability": {"vulnId": "CVE-2019-11580", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "0b2e004d-caa2-468d-ab80-e46fa4bcda05", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability | Affected: Atlassian / Crowd and Crowd Data Center | Description: Atlassian Crowd and Crowd Data Center contain a remote code execution vulnerability resulting from a pdkinstall development plugin being incorrectly enabled in release builds. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-11580"}, "references": [{"id": "CVE-2019-11580", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-11580"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Crowd and Crowd Data Center", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Atlassian", "vulnerabilityName": "Atlassian Crowd and Crowd Data Center Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "df1ece24-44d4-496e-a4d4-090eeb014fc2", "vulnerability": {"vulnId": "CVE-2019-0859", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "df1ece24-44d4-496e-a4d4-090eeb014fc2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Microsoft Win32k fails to properly handle objects in memory causing privilege escalation. Successful exploitation allows an attacker to run code in kernel mode. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-0859"}, "references": [{"id": "CVE-2019-0859", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0859"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "df48c2dc-746f-441f-96b2-3583871f6d1f", "vulnerability": {"vulnId": "CVE-2020-8515", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "df48c2dc-746f-441f-96b2-3583871f6d1f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Multiple DrayTek Vigor Routers Web Management Page Vulnerability | Affected: DrayTek / Multiple Vigor Routers | Description: DrayTek Vigor3900, Vigor2960, and Vigor300B routers contain an unspecified vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-8515"}, "references": [{"id": "CVE-2020-8515", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8515"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Vigor Routers", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "DrayTek", "vulnerabilityName": "Multiple DrayTek Vigor Routers Web Management Page Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "df532b07-42cc-47d0-ab2c-995432875a21", "vulnerability": {"vulnId": "CVE-2020-8260", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "df532b07-42cc-47d0-ab2c-995432875a21", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti Pulse Connect Secure Code Execution Vulnerability | Affected: Ivanti / Pulse Connect Secure | Description: Pulse Connect Secure contains an unspecified vulnerability that allows an authenticated attacker to perform code execution using uncontrolled gzip extraction. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): Reference CISA's ED 21-03 (https://www.cisa.gov/news-events/directives/ed-21-03-mitigate-pulse-connect-secure-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-03. https://nvd.nist.gov/vuln/detail/CVE-2020-8260"}, "references": [{"id": "CVE-2020-8260", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-8260"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Pulse Connect Secure", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti Pulse Connect Secure Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "36598e33-3b56-43dc-8f06-7397c35b8199", "vulnerability": {"vulnId": "CVE-2021-30762", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "36598e33-3b56-43dc-8f06-7397c35b8199", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS WebKit Use-After-Free Vulnerability | Affected: Apple / iOS | Description: Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30762"}, "references": [{"id": "CVE-2021-30762", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30762"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS WebKit Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "35172300-da66-44c8-bf8a-2599476fb405", "vulnerability": {"vulnId": "CVE-2019-17558", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "35172300-da66-44c8-bf8a-2599476fb405", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability | Affected: Apache / Solr | Description: The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-17558"}, "references": [{"id": "CVE-2019-17558", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-17558"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-74"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Solr", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Apache", "vulnerabilityName": "Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "df9216f8-90a9-4ded-abc9-a20eb31a9c68", "vulnerability": {"vulnId": "CVE-2021-38649", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "df9216f8-90a9-4ded-abc9-a20eb31a9c68", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability | Affected: Microsoft / Open Management Infrastructure (OMI) | Description: Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-38649"}, "references": [{"id": "CVE-2021-38649", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-38649"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Open Management Infrastructure (OMI)", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Open Management Infrastructure (OMI) Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "066a4188-fd35-4d8e-ac2f-06a3bff9eaa0", "vulnerability": {"vulnId": "CVE-2016-3976", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "066a4188-fd35-4d8e-ac2f-06a3bff9eaa0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP NetWeaver Directory Traversal Vulnerability | Affected: SAP / NetWeaver | Description: SAP NetWeaver Application Server Java Platforms contains a directory traversal vulnerability via a ..\\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet. This allows remote attackers to read files. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-3976"}, "references": [{"id": "CVE-2016-3976", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-3976"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "NetWeaver", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SAP", "vulnerabilityName": "SAP NetWeaver Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e046f4c1-fd5e-4103-9e5e-a18ad095e1f2", "vulnerability": {"vulnId": "CVE-2021-30116", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e046f4c1-fd5e-4103-9e5e-a18ad095e1f2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability | Affected: Kaseya / Virtual System/Server Administrator (VSA) | Description: Kaseya Virtual System/Server Administrator (VSA) contains an information disclosure vulnerability allowing an attacker to obtain the sessionId that can be used to execute further attacks against the system. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30116"}, "references": [{"id": "CVE-2021-30116", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30116"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-522"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Virtual System/Server Administrator (VSA)", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Kaseya", "vulnerabilityName": "Kaseya Virtual System/Server Administrator (VSA) Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "e08f07ab-17c4-415e-84fb-b9b898a9e689", "vulnerability": {"vulnId": "CVE-2021-30869", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e08f07ab-17c4-415e-84fb-b9b898a9e689", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS, iPadOS, and macOS Type Confusion Vulnerability | Affected: Apple / iOS, iPadOS, and macOS | Description: Apple iOS, iPadOS, and macOS contain a type confusion vulnerability in the XNU which may allow a malicious application to execute code with kernel privileges. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30869"}, "references": [{"id": "CVE-2021-30869", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30869"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS, iPadOS, and macOS", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS, iPadOS, and macOS Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "05056406-4c06-4ec2-bbd8-7fdeb1c64334", "vulnerability": {"vulnId": "CVE-2021-27562", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "05056406-4c06-4ec2-bbd8-7fdeb1c64334", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Arm Trusted Firmware Out-of-Bounds Write Vulnerability | Affected: Arm / Trusted Firmware | Description: Arm Trusted Firmware contains an out-of-bounds write vulnerability allowing the non-secure (NS) world to trigger a system halt, overwrite secure data, or print out secure data when calling secure functions under the non-secure processing environment (NSPE) handler mode. This vulnerability affects Yealink Device Management servers. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-27562"}, "references": [{"id": "CVE-2021-27562", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27562"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Trusted Firmware", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Arm", "vulnerabilityName": "Arm Trusted Firmware Out-of-Bounds Write Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "342659ae-0139-40e8-8b19-827238116dc9", "vulnerability": {"vulnId": "CVE-2020-0646", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "342659ae-0139-40e8-8b19-827238116dc9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft .NET Framework Remote Code Execution Vulnerability | Affected: Microsoft / .NET Framework | Description: Microsoft .NET Framework contains an improper input validation vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-0646"}, "references": [{"id": "CVE-2020-0646", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-0646"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-91"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": ".NET Framework", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft .NET Framework Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e1463297-cf69-468a-abd8-12b943e2e53e", "vulnerability": {"vulnId": "CVE-2021-36942", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e1463297-cf69-468a-abd8-12b943e2e53e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Local Security Authority (LSA) contains a spoofing vulnerability allowing an unauthenticated attacker to call a method on the LSARPC interface and coerce the domain controller to authenticate against another server using NTLM. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-36942"}, "references": [{"id": "CVE-2021-36942", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-36942"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-749"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Local Security Authority (LSA) Spoofing Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "e1ec3321-729f-43d3-9d8c-1b7b00f0cc30", "vulnerability": {"vulnId": "CVE-2020-6820", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e1ec3321-729f-43d3-9d8c-1b7b00f0cc30", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Mozilla Firefox And Thunderbird Use-After-Free Vulnerability | Affected: Mozilla / Firefox and Thunderbird | Description: Mozilla Firefox and Thunderbird contain a race condition vulnerability when handling a ReadableStream under certain conditions. The race condition creates a use-after-free vulnerability, causing unspecified impacts. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-6820"}, "references": [{"id": "CVE-2020-6820", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-6820"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-362"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Firefox and Thunderbird", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Mozilla", "vulnerabilityName": "Mozilla Firefox And Thunderbird Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e224b883-a34e-4a02-8e2a-478d2249cc1a", "vulnerability": {"vulnId": "CVE-2019-16256", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e224b883-a34e-4a02-8e2a-478d2249cc1a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SIMalliance Toolbox Browser Command Injection Vulnerability | Affected: SIMalliance / Toolbox Browser | Description: SIMalliance Toolbox Browser contains a command injection vulnerability that could allow remote attackers to retrieve location and IMEI information or execute a range of other attacks by modifying the attack message. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-16256"}, "references": [{"id": "CVE-2019-16256", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-16256"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Toolbox Browser", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SIMalliance", "vulnerabilityName": "SIMalliance Toolbox Browser Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "33763c20-ac29-477f-a4be-eb6f94ce9c57", "vulnerability": {"vulnId": "CVE-2021-30761", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "33763c20-ac29-477f-a4be-eb6f94ce9c57", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS WebKit Memory Corruption Vulnerability | Affected: Apple / iOS | Description: Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30761"}, "references": [{"id": "CVE-2021-30761", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30761"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS WebKit Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e2ce10ec-b4cf-4913-990c-d39f3f325466", "vulnerability": {"vulnId": "CVE-2020-14871", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e2ce10ec-b4cf-4913-990c-d39f3f325466", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability | Affected: Oracle / Solaris and Zettabyte File System (ZFS) | Description: Oracle Solaris and Oracle ZFS Storage Appliance Kit contain an unspecified vulnerability causing high impacts to confidentiality, integrity, and availability of affected systems. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-14871"}, "references": [{"id": "CVE-2020-14871", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-14871"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Solaris and Zettabyte File System (ZFS)", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Oracle", "vulnerabilityName": "Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e3103d13-6e4e-44be-bd28-8a38a9ca3db1", "vulnerability": {"vulnId": "CVE-2021-1498", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e3103d13-6e4e-44be-bd28-8a38a9ca3db1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco HyperFlex HX Data Platform Command Injection Vulnerability | Affected: Cisco / HyperFlex HX | Description: Cisco HyperFlex HX Installer Virtual Machine contains an insufficient input validation vulnerability which could allow an attacker to execute commands on an affected device as the tomcat8 user. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-1498"}, "references": [{"id": "CVE-2021-1498", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1498"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "HyperFlex HX", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco HyperFlex HX Data Platform Command Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "79b8031b-422a-4023-892e-aefa439a8824", "vulnerability": {"vulnId": "CVE-2021-37973", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "79b8031b-422a-4023-892e-aefa439a8824", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium Portals Use-After-Free Vulnerability | Affected: Google / Chromium Portals | Description: Google Chromium Portals contains a use-after-free vulnerability that allows a remote attacker, who has compromised the renderer process, to potentially perform a sandbox escape via a crafted HTML page. This vulnerability affects web browsers that utilize Chromium, including Google Chrome and Microsoft Edge. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-37973"}, "references": [{"id": "CVE-2021-37973", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-37973"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium Portals", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium Portals Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "330bd34a-1803-4214-aa6e-62e104d828e5", "vulnerability": {"vulnId": "CVE-2017-7269", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "330bd34a-1803-4214-aa6e-62e104d828e5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Server Buffer Overflow Vulnerability | Affected: Microsoft / Internet Information Services (IIS) | Description: Microsoft Windows Server 2003 R2 contains a buffer overflow vulnerability in Internet Information Services (IIS) 6.0 which allows remote attackers to execute code via a long header beginning with \"If: <http://\" in a PROPFIND request. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-7269"}, "references": [{"id": "CVE-2017-7269", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-7269"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Information Services (IIS)", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Server Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e3773bc3-7af1-4ceb-a99c-472dd5f7d2d8", "vulnerability": {"vulnId": "CVE-2021-20016", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e3773bc3-7af1-4ceb-a99c-472dd5f7d2d8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall SSLVPN SMA100 SQL Injection Vulnerability | Affected: SonicWall / SSLVPN SMA100 | Description: SonicWall SSLVPN SMA100 contains a SQL injection vulnerability that allows remote exploitation for credential access by an unauthenticated attacker. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-20016"}, "references": [{"id": "CVE-2021-20016", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-20016"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-89"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SSLVPN SMA100", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall SSLVPN SMA100 SQL Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "3193f12b-95f5-4bf1-b263-8d77a7c406c8", "vulnerability": {"vulnId": "CVE-2021-30563", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "3193f12b-95f5-4bf1-b263-8d77a7c406c8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30563"}, "references": [{"id": "CVE-2021-30563", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30563"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122", "CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e4456d40-0d4c-4f9a-9da6-05f0101bf789", "vulnerability": {"vulnId": "CVE-2021-20021", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e4456d40-0d4c-4f9a-9da6-05f0101bf789", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall Email Security Improper Privilege Management Vulnerability | Affected: SonicWall / SonicWall Email Security | Description: SonicWall Email Security contains an improper privilege management vulnerability that allows an attacker to create an administrative account by sending a crafted HTTP request to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20022 and CVE-2021-20023 to achieve privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-20021"}, "references": [{"id": "CVE-2021-20021", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-20021"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SonicWall Email Security", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall Email Security Improper Privilege Management Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "e50810f0-9c82-4df5-9127-73244c866aba", "vulnerability": {"vulnId": "CVE-2020-0674", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e50810f0-9c82-4df5-9127-73244c866aba", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains a memory corruption vulnerability due to the way the Scripting Engine handles objects in memory. Successful exploitation could allow remote code execution in the context of the current user. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-0674"}, "references": [{"id": "CVE-2020-0674", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-0674"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e54e5483-3d09-4b62-9943-3ff3be833bb6", "vulnerability": {"vulnId": "CVE-2020-6207", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e54e5483-3d09-4b62-9943-3ff3be833bb6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SAP Solution Manager Missing Authentication for Critical Function Vulnerability | Affected: SAP / Solution Manager | Description: SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-6207"}, "references": [{"id": "CVE-2020-6207", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-6207"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Solution Manager", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SAP", "vulnerabilityName": "SAP Solution Manager Missing Authentication for Critical Function Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e5ddaeba-d8a9-4937-b165-c3157086c2c8", "vulnerability": {"vulnId": "CVE-2017-0143", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e5ddaeba-d8a9-4937-b165-c3157086c2c8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Server Message Block 1.0 (SMBv1) contains an unspecified vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-0143"}, "references": [{"id": "CVE-2017-0143", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-0143"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Server Message Block (SMBv1) Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "2e28cb83-3eb5-4683-bcd6-dc5dda244291", "vulnerability": {"vulnId": "CVE-2020-29557", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2e28cb83-3eb5-4683-bcd6-dc5dda244291", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability | Affected: D-Link / DIR-825 R1 Devices | Description: D-Link DIR-825 R1 devices contain a buffer overflow vulnerability in the web interface that may allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-29557"}, "references": [{"id": "CVE-2020-29557", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-29557"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "DIR-825 R1 Devices", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "D-Link", "vulnerabilityName": "D-Link DIR-825 R1 Devices Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "669d317d-cf95-493e-8caa-bb113042cc52", "vulnerability": {"vulnId": "CVE-2020-4428", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "669d317d-cf95-493e-8caa-bb113042cc52", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: IBM Data Risk Manager Remote Code Execution Vulnerability | Affected: IBM / Data Risk Manager | Description: IBM Data Risk Manager contains an unspecified vulnerability which could allow a remote, authenticated attacker to execute commands on the system. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-4428"}, "references": [{"id": "CVE-2020-4428", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-4428"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Data Risk Manager", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "IBM", "vulnerabilityName": "IBM Data Risk Manager Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "57558a2b-fa3a-4c9d-ac66-1a2232e39a2a", "vulnerability": {"vulnId": "CVE-2021-30666", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "57558a2b-fa3a-4c9d-ac66-1a2232e39a2a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS WebKit Buffer Overflow Vulnerability | Affected: Apple / iOS | Description: Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30666"}, "references": [{"id": "CVE-2021-30666", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30666"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-119"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS WebKit Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e75d9778-7d07-4a9b-b4a2-c0add4add0bf", "vulnerability": {"vulnId": "CVE-2018-0296", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e75d9778-7d07-4a9b-b4a2-c0add4add0bf", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability | Affected: Cisco / Adaptive Security Appliance (ASA) | Description: Cisco Adaptive Security Appliance (ASA) contains an improper input validation vulnerability with HTTP URLs. Exploitation could allow an attacker to cause a denial-of-service (DoS) condition or information disclosure. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0296"}, "references": [{"id": "CVE-2018-0296", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0296"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Adaptive Security Appliance (ASA)", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco Adaptive Security Appliance (ASA) Denial-of-Service Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e83fd66e-3f97-4c83-a632-c29d95ed22d3", "vulnerability": {"vulnId": "CVE-2020-27950", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e83fd66e-3f97-4c83-a632-c29d95ed22d3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Memory Initialization Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-27950"}, "references": [{"id": "CVE-2020-27950", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-27950"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-665"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Memory Initialization Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "e87890fe-6edc-4610-81ae-88f1421f43a8", "vulnerability": {"vulnId": "CVE-2019-18187", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "e87890fe-6edc-4610-81ae-88f1421f43a8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Trend Micro OfficeScan Directory Traversal Vulnerability | Affected: Trend Micro / OfficeScan | Description: Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-18187"}, "references": [{"id": "CVE-2019-18187", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-18187"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "OfficeScan", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Trend Micro", "vulnerabilityName": "Trend Micro OfficeScan Directory Traversal Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6ba10a80-eac9-4fac-a020-9e9b38d68698", "vulnerability": {"vulnId": "CVE-2021-38000", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6ba10a80-eac9-4fac-a020-9e9b38d68698", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium Intents Improper Input Validation Vulnerability | Affected: Google / Chromium Intents | Description: Google Chromium Intents contains an improper input validation vulnerability that allows a remote attacker to arbitrarily browse to a malicious URL via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-38000"}, "references": [{"id": "CVE-2021-38000", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-38000"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium Intents", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium Intents Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2afe3392-7d47-42f8-b47e-0dc0b5b42a93", "vulnerability": {"vulnId": "CVE-2021-36955", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2afe3392-7d47-42f8-b47e-0dc0b5b42a93", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Common Log File System (CLFS) driver contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-36955"}, "references": [{"id": "CVE-2021-36955", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-36955"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Common Log File System (CLFS) Driver Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "16545ecd-d1b4-4356-beb2-a4e94dc08a75", "vulnerability": {"vulnId": "CVE-2020-15505", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "16545ecd-d1b4-4356-beb2-a4e94dc08a75", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability | Affected: Ivanti / MobileIron Multiple Products | Description: Ivanti MobileIron's Core & Connector, Sentry, and Monitor and Reporting Database (RDB) products contain an unspecified vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-15505"}, "references": [{"id": "CVE-2020-15505", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-15505"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-706"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "MobileIron Multiple Products", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Ivanti", "vulnerabilityName": "Ivanti MobileIron Multiple Products Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "2988c15f-5938-4922-8474-412bed7af2b4", "vulnerability": {"vulnId": "CVE-2021-28550", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "2988c15f-5938-4922-8474-412bed7af2b4", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Acrobat and Reader Use-After-Free Vulnerability | Affected: Adobe / Acrobat and Reader | Description: Adobe Acrobat and Reader contains a use-after-free vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-28550"}, "references": [{"id": "CVE-2021-28550", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-28550"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Acrobat and Reader", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Acrobat and Reader Use-After-Free Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5a8bc05a-db8d-4c1f-a6ef-c03f05667090", "vulnerability": {"vulnId": "CVE-2019-0797", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5a8bc05a-db8d-4c1f-a6ef-c03f05667090", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Microsoft Win32k contains a privilege escalation vulnerability when the Win32k component fails to properly handle objects in memory. Successful exploitation allows an attacker to execute code in kernel mode. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-0797"}, "references": [{"id": "CVE-2019-0797", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-0797"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0fa8f6cc-d35c-43b9-97bd-d4da356be60e", "vulnerability": {"vulnId": "CVE-2020-3952", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "0fa8f6cc-d35c-43b9-97bd-d4da356be60e", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware vCenter Server Information Disclosure Vulnerability | Affected: VMware / vCenter Server | Description: VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive information. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-3952"}, "references": [{"id": "CVE-2020-3952", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3952"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-306"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vCenter Server", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "VMware", "vulnerabilityName": "VMware vCenter Server Information Disclosure Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "33cab495-95f8-4ee5-af4c-0e11adf42908", "vulnerability": {"vulnId": "CVE-2017-9248", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "33cab495-95f8-4ee5-af4c-0e11adf42908", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability | Affected: Progress / ASP.NET AJAX and Sitefinity | Description: Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-9248"}, "references": [{"id": "CVE-2017-9248", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-9248"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-522"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ASP.NET AJAX and Sitefinity", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Progress", "vulnerabilityName": "Progress Telerik UI for ASP.NET AJAX and Sitefinity Cryptographic Weakness Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ea9ccbf1-fc50-4710-bd6d-6c1012298a46", "vulnerability": {"vulnId": "CVE-2021-22502", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ea9ccbf1-fc50-4710-bd6d-6c1012298a46", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability | Affected: Micro Focus / Operation Bridge Reporter (OBR) | Description: Micro Focus Operation Bridge Report (OBR) contains an unspecified vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-22502"}, "references": [{"id": "CVE-2021-22502", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22502"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Operation Bridge Reporter (OBR)", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Micro Focus", "vulnerabilityName": "Micro Focus Operation Bridge Report (OBR) Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "eb10228b-8d71-4628-8e00-efcc869034c6", "vulnerability": {"vulnId": "CVE-2019-1429", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "eb10228b-8d71-4628-8e00-efcc869034c6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains a memory corruption vulnerability which can allow for remote code execution in the context of the current user. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1429"}, "references": [{"id": "CVE-2019-1429", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1429"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416", "CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "eb2b7865-a421-4559-b37e-aed4ee78c423", "vulnerability": {"vulnId": "CVE-2021-35211", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "eb2b7865-a421-4559-b37e-aed4ee78c423", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SolarWinds Serv-U Remote Code Execution Vulnerability | Affected: SolarWinds / Serv-U | Description: SolarWinds Serv-U contains an unspecified memory escape vulnerability which can allow for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-35211"}, "references": [{"id": "CVE-2021-35211", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-35211"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Serv-U", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "SolarWinds", "vulnerabilityName": "SolarWinds Serv-U Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "eb59cea1-7647-4d4b-a9ac-157f73de8e8d", "vulnerability": {"vulnId": "CVE-2021-28664", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "eb59cea1-7647-4d4b-a9ac-157f73de8e8d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Arm Mali Graphics Processing Unit (GPU) Unspecified Vulnerability | Affected: Arm / Mali Graphics Processing Unit (GPU) | Description: Arm Mali Graphics Processing Unit (GPU) kernel driver contains an unspecified vulnerability that may allow a non-privileged user to gain write access to read-only memory, gain root privilege, corrupt memory, and modify the memory of other processes. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-28664"}, "references": [{"id": "CVE-2021-28664", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-28664"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Mali Graphics Processing Unit (GPU)", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Arm", "vulnerabilityName": "Arm Mali Graphics Processing Unit (GPU) Unspecified Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "268dd1a9-a60c-4f31-8b33-9850e77114f8", "vulnerability": {"vulnId": "CVE-2020-17530", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "268dd1a9-a60c-4f31-8b33-9850e77114f8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Struts Remote Code Execution Vulnerability | Affected: Apache / Struts | Description: Forced Object-Graph Navigation Language (OGNL) evaluation in Apache Struts, when evaluated on raw user input in tag attributes, can lead to remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-17530"}, "references": [{"id": "CVE-2020-17530", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-17530"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-917"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Struts", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Apache", "vulnerabilityName": "Apache Struts Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ebf9e340-0d7c-45b5-917a-ae1fdb127b37", "vulnerability": {"vulnId": "CVE-2018-11776", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ebf9e340-0d7c-45b5-917a-ae1fdb127b37", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache Struts Remote Code Execution Vulnerability | Affected: Apache / Struts | Description: Apache Struts contains a vulnerability that allows for remote code execution under two circumstances. One, where the alwaysSelectFullNamespace option is true and the value isn't set for a result defined in underlying configurations and in same time, its upper package configuration have no or wildcard namespace.  Or, using URL tag which doesn't have value and action set and in same time, its upper package configuration have no or wildcard namespace. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-11776"}, "references": [{"id": "CVE-2018-11776", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-11776"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Struts", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Apache", "vulnerabilityName": "Apache Struts Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "ecf21bc7-f09d-47c1-9b45-ac691cbd5635", "vulnerability": {"vulnId": "CVE-2021-1675", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ecf21bc7-f09d-47c1-9b45-ac691cbd5635", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Print Spooler Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Print Spooler contains an unspecified vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-1675"}, "references": [{"id": "CVE-2021-1675", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1675"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-285"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Print Spooler Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "ee0fecf3-0a24-4cc6-80d2-987d216c2053", "vulnerability": {"vulnId": "CVE-2019-1367", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "ee0fecf3-0a24-4cc6-80d2-987d216c2053", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains a memory corruption vulnerability in how the scripting engine handles objects in memory. Successful exploitation allows for remote code execution in the context of the current user. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1367"}, "references": [{"id": "CVE-2019-1367", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1367"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "57ec781f-aa75-4fce-a323-ddb266c1b3ab", "vulnerability": {"vulnId": "CVE-2018-0171", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "57ec781f-aa75-4fce-a323-ddb266c1b3ab", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability | Affected: Cisco / IOS and IOS XE | Description: Cisco IOS and IOS XE Software improperly validates packet data, allowing an unauthenticated, remote attacker to trigger a reload of an affected device, cause a denial-of-service (DoS) condition, or perform code execution on the affected device. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0171"}, "references": [{"id": "CVE-2018-0171", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0171"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS and IOS XE", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS and IOS XE Software Smart Install Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "4a4ef3e6-e5ae-467f-a167-fae56512c3f3", "vulnerability": {"vulnId": "CVE-2019-18988", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "4a4ef3e6-e5ae-467f-a167-fae56512c3f3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: TeamViewer Desktop Bypass Remote Login Vulnerability | Affected: TeamViewer / Desktop | Description: TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended Access password to the system (which allows for remote login to the system). | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-18988"}, "references": [{"id": "CVE-2019-18988", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-18988"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-521"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Desktop", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "TeamViewer", "vulnerabilityName": "TeamViewer Desktop Bypass Remote Login Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "23cfb634-e712-4c9e-b4d2-db4866266ab5", "vulnerability": {"vulnId": "CVE-2016-0185", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "23cfb634-e712-4c9e-b4d2-db4866266ab5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Media Center Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows Media Center contains a remote code execution vulnerability when Windows Media Center opens a specially crafted Media Center link (.mcl) file that references malicious code. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-0185"}, "references": [{"id": "CVE-2016-0185", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-0185"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Media Center Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "224cda1c-77ec-48c8-9a2c-5ec7de034839", "vulnerability": {"vulnId": "CVE-2020-3580", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "224cda1c-77ec-48c8-9a2c-5ec7de034839", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability | Affected: Cisco / Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) | Description: Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) contain an insufficient input validation vulnerability for user-supplied input by the web services interface.  Successful exploitation could allow an attacker to perform cross-site scripting (XSS) in the context of the interface or access sensitive browser-based information. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-3580"}, "references": [{"id": "CVE-2020-3580", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3580"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco ASA and FTD Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "20f235ce-3d57-4e29-8c83-f338b7576c76", "vulnerability": {"vulnId": "CVE-2021-21220", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "20f235ce-3d57-4e29-8c83-f338b7576c76", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Improper Input Validation Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains an improper input validation vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-21220"}, "references": [{"id": "CVE-2021-21220", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-21220"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Improper Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "efd8d845-a1d6-4683-be7b-4d82e377f9a2", "vulnerability": {"vulnId": "CVE-2021-34473", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "efd8d845-a1d6-4683-be7b-4d82e377f9a2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Exchange Server | Description: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-34473"}, "references": [{"id": "CVE-2021-34473", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-34473"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exchange Server", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Exchange Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "20f003bd-887f-4718-8bff-0e13b32e7cf0", "vulnerability": {"vulnId": "CVE-2021-22506", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "20f003bd-887f-4718-8bff-0e13b32e7cf0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Micro Focus Access Manager Information Leakage Vulnerability | Affected: Micro Focus / Micro Focus Access Manager | Description: Micro Focus Access Manager contains an information leakage vulnerability resulting from a SAML service provider redirection issue when the Assertion Consumer Service URL is used. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-22506"}, "references": [{"id": "CVE-2021-22506", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-22506"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Micro Focus Access Manager", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Micro Focus", "vulnerabilityName": "Micro Focus Access Manager Information Leakage Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "20ac44ce-0563-4169-8459-dbabc602a92d", "vulnerability": {"vulnId": "CVE-2021-41773", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "20ac44ce-0563-4169-8459-dbabc602a92d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache HTTP Server Path Traversal Vulnerability | Affected: Apache / HTTP Server | Description: Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default \u201crequire all denied\u201d or if CGI scripts are enabled. The original patch issued under this CVE ID is insufficient, please review remediation information under CVE-2021-42013. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-41773"}, "references": [{"id": "CVE-2021-41773", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-41773"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "HTTP Server", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apache", "vulnerabilityName": "Apache HTTP Server Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "f06e40b2-7270-4648-8a8f-424352444529", "vulnerability": {"vulnId": "CVE-2020-15999", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f06e40b2-7270-4648-8a8f-424352444529", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chrome FreeType Heap Buffer Overflow Vulnerability | Affected: Google / Chrome FreeType | Description: Google Chrome uses FreeType, an open-source software library to render fonts, which contains a heap buffer overflow vulnerability in the function Load_SBit_Png when processing PNG images embedded into fonts. This vulnerability is part of an exploit chain with CVE-2020-17087 on Windows and CVE-2020-16010 on Android. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-15999"}, "references": [{"id": "CVE-2020-15999", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-15999"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chrome FreeType", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chrome FreeType Heap Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1f17a6b6-8a54-41c5-a85c-c66c87000690", "vulnerability": {"vulnId": "CVE-2020-3950", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1f17a6b6-8a54-41c5-a85c-c66c87000690", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: VMware Multiple Products Privilege Escalation Vulnerability | Affected: VMware / Multiple Products | Description: VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-3950"}, "references": [{"id": "CVE-2020-3950", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3950"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-269"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "VMware", "vulnerabilityName": "VMware Multiple Products Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "d2b20001-9f20-4c35-88ae-7f16d4961147", "vulnerability": {"vulnId": "CVE-2021-27104", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "d2b20001-9f20-4c35-88ae-7f16d4961147", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Accellion FTA OS Command Injection Vulnerability | Affected: Accellion / FTA | Description: Accellion FTA contains an OS command injection vulnerability exploited via a crafted POST request to various admin endpoints. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-27104"}, "references": [{"id": "CVE-2021-27104", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27104"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FTA", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Accellion", "vulnerabilityName": "Accellion FTA OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "1ed4df3d-25d7-4ae8-957e-4847bafa3266", "vulnerability": {"vulnId": "CVE-2021-26858", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1ed4df3d-25d7-4ae8-957e-4847bafa3266", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Exchange Server | Description: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26858"}, "references": [{"id": "CVE-2021-26858", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-26858"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exchange Server", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Exchange Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "1bd9845d-289e-4e86-be75-92434ef4ef33", "vulnerability": {"vulnId": "CVE-2017-8759", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1bd9845d-289e-4e86-be75-92434ef4ef33", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft .NET Framework Remote Code Execution Vulnerability | Affected: Microsoft / .NET Framework | Description: Microsoft .NET Framework contains a remote code execution vulnerability when processing untrusted input that could allow an attacker to take control of an affected system. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2017-8759"}, "references": [{"id": "CVE-2017-8759", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2017-8759"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": ".NET Framework", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft .NET Framework Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f2f4620a-951a-42d1-bc0e-8442b1a1f5d8", "vulnerability": {"vulnId": "CVE-2020-14750", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f2f4620a-951a-42d1-bc0e-8442b1a1f5d8", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Oracle WebLogic Server Remote Code Execution Vulnerability | Affected: Oracle / WebLogic Server | Description: Oracle WebLogic Server contains an unspecified vulnerability allowing an unauthenticated attacker to perform remote code execution. This vulnerability is related to CVE-2020-14882. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-14750"}, "references": [{"id": "CVE-2020-14750", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-14750"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WebLogic Server", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Oracle", "vulnerabilityName": "Oracle WebLogic Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f3731dfd-5683-40f8-8aed-10e677f72a37", "vulnerability": {"vulnId": "CVE-2018-20062", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f3731dfd-5683-40f8-8aed-10e677f72a37", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: ThinkPHP \"noneCms\" Remote Code Execution Vulnerability | Affected: ThinkPHP / noneCms | Description: ThinkPHP \"noneCms\" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-20062"}, "references": [{"id": "CVE-2018-20062", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-20062"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "noneCms", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "ThinkPHP", "vulnerabilityName": "ThinkPHP \"noneCms\" Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f3947cca-c8c9-42be-aeb5-3d0b96a25e06", "vulnerability": {"vulnId": "CVE-2019-8394", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f3947cca-c8c9-42be-aeb5-3d0b96a25e06", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability | Affected: Zoho / ManageEngine | Description: Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-8394"}, "references": [{"id": "CVE-2019-8394", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-8394"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ManageEngine", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Zoho", "vulnerabilityName": "Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1b9c43d9-fd15-4ff8-93a6-64204aa109fd", "vulnerability": {"vulnId": "CVE-2018-0802", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1b9c43d9-fd15-4ff8-93a6-64204aa109fd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Memory Corruption Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office contains a memory corruption vulnerability due to the way objects are handled in memory. Successful exploitation allows for remote code execution in the context of the current user. This vulnerability is known to be chained with CVE-2018-0798. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-0802"}, "references": [{"id": "CVE-2018-0802", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-0802"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f465c400-430a-46e1-8555-5105c2eaa6e7", "vulnerability": {"vulnId": "CVE-2020-0986", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f465c400-430a-46e1-8555-5105c2eaa6e7", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Kernel Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows kernel contains an unspecified vulnerability when handling objects in memory that allows attackers to escalate privileges and execute code in kernel mode. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-0986"}, "references": [{"id": "CVE-2020-0986", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-0986"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Kernel Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "004fced9-0b07-4290-8f4f-49a1290e3cdb", "vulnerability": {"vulnId": "CVE-2021-26411", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "004fced9-0b07-4290-8f4f-49a1290e3cdb", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains an unspecified vulnerability that allows for memory corruption. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-26411"}, "references": [{"id": "CVE-2021-26411", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-26411"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-416"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "192851b1-d7a2-48b0-bcba-424d73932c36", "vulnerability": {"vulnId": "CVE-2015-1641", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "192851b1-d7a2-48b0-bcba-424d73932c36", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office Memory Corruption Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office contains a memory corruption vulnerability due to failure to properly handle rich text format files in memory. Successful exploitation allows for remote code execution in the context of the current user. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2015-1641"}, "references": [{"id": "CVE-2015-1641", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-1641"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-399"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f4fe6680-3c0a-4afb-a69d-ab1c3d5cf4e0", "vulnerability": {"vulnId": "CVE-2019-19781", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f4fe6680-3c0a-4afb-a69d-ab1c3d5cf4e0", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability | Affected: Citrix / Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance | Description: Citrix ADC, Citrix Gateway, and multiple Citrix SD-WAN WANOP appliance models contain an unspecified vulnerability that could allow an unauthenticated attacker to perform code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-19781"}, "references": [{"id": "CVE-2019-19781", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-19781"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Application Delivery Controller (ADC), Gateway, and SD-WAN WANOP Appliance", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Citrix", "vulnerabilityName": "Citrix ADC, Gateway, and SD-WAN WANOP Appliance Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "fec2beac-49a6-4274-9c63-e2a7f7d2f621", "vulnerability": {"vulnId": "CVE-2020-0878", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fec2beac-49a6-4274-9c63-e2a7f7d2f621", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Edge and Internet Explorer Memory Corruption Vulnerability | Affected: Microsoft / Edge and Internet Explorer | Description: Microsoft Edge and Internet Explorer contain a memory corruption vulnerability that allows attackers to execute code in the context of the current user. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-0878"}, "references": [{"id": "CVE-2020-0878", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-0878"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Edge and Internet Explorer", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Edge and Internet Explorer Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "16ebc6fd-a310-4ea5-aa6b-07f8858daf04", "vulnerability": {"vulnId": "CVE-2021-27103", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "16ebc6fd-a310-4ea5-aa6b-07f8858daf04", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability | Affected: Accellion / FTA | Description: Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-27103"}, "references": [{"id": "CVE-2021-27103", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27103"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FTA", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Accellion", "vulnerabilityName": "Accellion FTA Server-Side Request Forgery (SSRF) Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "f590bb0b-4d72-4156-a05f-1fbd6092f927", "vulnerability": {"vulnId": "CVE-2019-19356", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f590bb0b-4d72-4156-a05f-1fbd6092f927", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Netis WF2419 Devices Remote Code Execution Vulnerability | Affected: Netis / WF2419 Devices | Description: Netis WF2419 devices contain an unspecified vulnerability that allows an attacker to perform remote code execution as root through the router's web management page. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-19356"}, "references": [{"id": "CVE-2019-19356", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-19356"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "WF2419 Devices", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Netis", "vulnerabilityName": "Netis WF2419 Devices Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f59984a2-fb70-4f3b-907e-489d2e9f1ee2", "vulnerability": {"vulnId": "CVE-2020-1472", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f59984a2-fb70-4f3b-907e-489d2e9f1ee2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Netlogon Privilege Escalation Vulnerability | Affected: Microsoft / Netlogon | Description: Microsoft's Netlogon Remote Protocol (MS-NRPC) contains a privilege escalation vulnerability when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller. An attacker who successfully exploits the vulnerability could run a specially crafted application on a device on the network. The vulnerability is also known under the moniker of Zerologon. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): Reference CISA's ED 20-04 (https://www.cisa.gov/news-events/directives/ed-20-04-mitigate-netlogon-elevation-privilege-vulnerability-august-2020-patch-tuesday) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 20-04. https://nvd.nist.gov/vuln/detail/CVE-2020-1472"}, "references": [{"id": "CVE-2020-1472", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-1472"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-330"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Netlogon", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Netlogon Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "f6527a30-f2b0-4668-9609-5a5c87eaaace", "vulnerability": {"vulnId": "CVE-2020-26919", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f6527a30-f2b0-4668-9609-5a5c87eaaace", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability | Affected: NETGEAR / JGS516PE Devices | Description: Netgear JGS516PE devices contain a missing function level access control vulnerability. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-26919"}, "references": [{"id": "CVE-2020-26919", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-26919"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "JGS516PE Devices", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "NETGEAR", "vulnerabilityName": "Netgear JGS516PE Devices Missing Function Level Access Control Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "feb7cbac-5091-49b6-b6a9-be2d50c0796d", "vulnerability": {"vulnId": "CVE-2021-31755", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "feb7cbac-5091-49b6-b6a9-be2d50c0796d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Tenda AC11 Router Stack Buffer Overflow Vulnerability | Affected: Tenda / AC11 Router | Description: Tenda AC11 devices contain a stack buffer overflow vulnerability in /goform/setmac which allows attackers to execute code via a crafted post request. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-31755"}, "references": [{"id": "CVE-2021-31755", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-31755"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "AC11 Router", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Tenda", "vulnerabilityName": "Tenda AC11 Router Stack Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "c13f9463-2eab-4916-9adf-efbbaabba925", "vulnerability": {"vulnId": "CVE-2020-17144", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "c13f9463-2eab-4916-9adf-efbbaabba925", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Exchange Server | Description: Microsoft Exchange Server improperly validates cmdlet arguments which allow an attacker to perform remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-17144"}, "references": [{"id": "CVE-2020-17144", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-17144"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exchange Server", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Exchange Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f70f89eb-99cf-4819-a919-397f5419c8e1", "vulnerability": {"vulnId": "CVE-2019-1215", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f70f89eb-99cf-4819-a919-397f5419c8e1", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows Privilege Escalation Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows contains an unspecified vulnerability due to the way ws2ifsl.sys (Winsock) handles objects in memory, allowing for privilege escalation. Successful exploitation allows an attacker to execute code with elevated privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-1215"}, "references": [{"id": "CVE-2019-1215", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-1215"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "f78314f4-6d45-4c3d-8e17-a569f8d0605b", "vulnerability": {"vulnId": "CVE-2020-3118", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f78314f4-6d45-4c3d-8e17-a569f8d0605b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Cisco IOS XR Software Discovery Protocol Format String Vulnerability | Affected: Cisco / IOS XR | Description: Cisco IOS XR improperly validates string input from certain fields in Cisco Discovery Protocol messages. Exploitation could allow an unauthenticated, adjacent attacker to execute code with administrative privileges or cause a reload on an affected device. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-3118"}, "references": [{"id": "CVE-2020-3118", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-3118"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-134"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "IOS XR", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Cisco", "vulnerabilityName": "Cisco IOS XR Software Discovery Protocol Format String Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "12a14c99-37f0-40c7-ad36-762578fcd01a", "vulnerability": {"vulnId": "CVE-2021-21017", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "12a14c99-37f0-40c7-ad36-762578fcd01a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability | Affected: Adobe / Acrobat and Reader | Description: Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability that could allow an unauthenticated attacker to achieve code execution in the context of the current user. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-21017"}, "references": [{"id": "CVE-2021-21017", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-21017"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-122"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Acrobat and Reader", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Adobe", "vulnerabilityName": "Adobe Acrobat and Reader Heap-based Buffer Overflow Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "11d06044-17b2-4ae2-986e-cb976913702a", "vulnerability": {"vulnId": "CVE-2021-42013", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "11d06044-17b2-4ae2-986e-cb976913702a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apache HTTP Server Path Traversal Vulnerability | Affected: Apache / HTTP Server | Description: Apache HTTP Server contains a path traversal vulnerability that allows an attacker to perform remote code execution if files outside directories configured by Alias-like directives are not under default require all denied or if CGI scripts are enabled. This CVE ID resolves an incomplete patch for CVE-2021-41773. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-42013"}, "references": [{"id": "CVE-2021-42013", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-42013"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-22"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "HTTP Server", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apache", "vulnerabilityName": "Apache HTTP Server Path Traversal Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "f940dd78-c8e7-4917-8179-bc9dd88f28dd", "vulnerability": {"vulnId": "CVE-2021-1879", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f940dd78-c8e7-4917-8179-bc9dd88f28dd", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability | Affected: Apple / iOS, iPadOS, and watchOS | Description: Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-1879"}, "references": [{"id": "CVE-2021-1879", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1879"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-79"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "iOS, iPadOS, and watchOS", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f973bd04-0627-4b07-874b-7212289685e5", "vulnerability": {"vulnId": "CVE-2021-33742", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f973bd04-0627-4b07-874b-7212289685e5", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability | Affected: Microsoft / Windows | Description: Microsoft Windows MSHTML Platform contains an unspecified vulnerability that allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-33742"}, "references": [{"id": "CVE-2021-33742", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-33742"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787", "CWE-823"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Windows", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Windows MSHTML Platform Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "f9979b12-2398-49a7-ad74-192df58c4139", "vulnerability": {"vulnId": "CVE-2020-16846", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "f9979b12-2398-49a7-ad74-192df58c4139", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SaltStack Salt Shell Injection Vulnerability | Affected: SaltStack / Salt | Description: SaltStack Salt allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt API using the SSH client. This vulnerability affects any users running the Salt API. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-16846"}, "references": [{"id": "CVE-2020-16846", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-16846"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Salt", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "SaltStack", "vulnerabilityName": "SaltStack Salt Shell Injection Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "0e287dc6-824c-4772-84c7-225e5ec4fae6", "vulnerability": {"vulnId": "CVE-2019-11634", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "0e287dc6-824c-4772-84c7-225e5ec4fae6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability | Affected: Citrix / Workspace Application and Receiver for Windows | Description: Citrix Workspace Application and Receiver for Windows contains a remote code execution vulnerability resulting from local drive access preferences not being enforced into the clients' local drives. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2019-11634"}, "references": [{"id": "CVE-2019-11634", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2019-11634"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Workspace Application and Receiver for Windows", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Citrix", "vulnerabilityName": "Citrix Workspace Application and Receiver for Windows Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "0ab4e3ae-bc37-48c6-9221-147fcbbd4c62", "vulnerability": {"vulnId": "CVE-2016-0167", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "0ab4e3ae-bc37-48c6-9221-147fcbbd4c62", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation via a crafted application | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-0167"}, "references": [{"id": "CVE-2016-0167", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-0167"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "fa8b1889-d442-4c63-8fee-8541d10b649f", "vulnerability": {"vulnId": "CVE-2021-27102", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fa8b1889-d442-4c63-8fee-8541d10b649f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Accellion FTA OS Command Injection Vulnerability | Affected: Accellion / FTA | Description: Accellion FTA contains an OS command injection vulnerability exploited via a local web service call. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-27102"}, "references": [{"id": "CVE-2021-27102", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27102"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20", "CWE-78"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "FTA", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Accellion", "vulnerabilityName": "Accellion FTA OS Command Injection Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "fab6bc63-43a7-43cd-b173-8cbae2638653", "vulnerability": {"vulnId": "CVE-2021-26855", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fab6bc63-43a7-43cd-b173-8cbae2638653", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Exchange Server | Description: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-26855"}, "references": [{"id": "CVE-2021-26855", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-26855"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-918"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exchange Server", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Exchange Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "facc46a1-ecb0-4dac-a1c0-f0d1866bb91f", "vulnerability": {"vulnId": "CVE-2021-20022", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "facc46a1-ecb0-4dac-a1c0-f0d1866bb91f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: SonicWall Email Security Unrestricted Upload of File Vulnerability | Affected: SonicWall / SonicWall Email Security | Description: SonicWall Email Security contains an unrestricted upload of file with dangerous type vulnerability that allows a post-authenticated attacker to upload a file to the remote host. This vulnerability has known usage in a SonicWall Email Security exploit chain along with CVE-2021-20021 and CVE-2021-20023 to achieve privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-20022"}, "references": [{"id": "CVE-2021-20022", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-20022"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-434"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "SonicWall Email Security", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "SonicWall", "vulnerabilityName": "SonicWall Email Security Unrestricted Upload of File Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "09b10289-95c7-485d-8b5d-6553c60c883c", "vulnerability": {"vulnId": "CVE-2020-0069", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "09b10289-95c7-485d-8b5d-6553c60c883c", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability | Affected: MediaTek / Multiple Chipsets | Description: Multiple MediaTek chipsets contain an insufficient input validation vulnerability and have missing SELinux restrictions in the Command Queue drivers ioctl handlers. This causes an out-of-bounds write leading to privilege escalation. This vulnerability was observed chained with CVE-2019-2215 and CVE-2020-0041 under exploit chain \"AbstractEmu.\" | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-0069"}, "references": [{"id": "CVE-2020-0069", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-0069"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Chipsets", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "MediaTek", "vulnerabilityName": "Mediatek Multiple Chipsets Insufficient Input Validation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "089102d9-d75d-4551-9174-db521c2bd1e3", "vulnerability": {"vulnId": "CVE-2020-16009", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "089102d9-d75d-4551-9174-db521c2bd1e3", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Google Chromium V8 Type Confusion Vulnerability | Affected: Google / Chromium V8 | Description: Google Chromium V8 Engine contains a type confusion vulnerability that allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This vulnerability could affect multiple web browsers that utilize Chromium, including, but not limited to, Google Chrome, Microsoft Edge, and Opera. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-16009"}, "references": [{"id": "CVE-2020-16009", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-16009"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787", "CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Chromium V8", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Google", "vulnerabilityName": "Google Chromium V8 Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fdc1a843-531a-47ca-bb86-3b1549345377", "vulnerability": {"vulnId": "CVE-2020-27932", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fdc1a843-531a-47ca-bb86-3b1549345377", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Type Confusion Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-27932"}, "references": [{"id": "CVE-2020-27932", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-27932"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-843"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Type Confusion Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "55c0c717-e356-4c99-a585-bb8c875ba7da", "vulnerability": {"vulnId": "CVE-2020-0968", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "55c0c717-e356-4c99-a585-bb8c875ba7da", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-0968"}, "references": [{"id": "CVE-2020-0968", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-0968"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fcb05f8b-fae0-49ee-bbea-223dfcb60c23", "vulnerability": {"vulnId": "CVE-2021-27065", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fcb05f8b-fae0-49ee-bbea-223dfcb60c23", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Exchange Server Remote Code Execution Vulnerability | Affected: Microsoft / Exchange Server | Description: Microsoft Exchange Server contains an unspecified vulnerability that allows for remote code execution. This vulnerability is part of the ProxyLogon exploit chain. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Known | Notes (KEV): Reference CISA's ED 21-02 (https://www.cisa.gov/news-events/directives/ed-21-02-mitigate-microsoft-exchange-premises-product-vulnerabilities) for further guidance and requirements. Note: The due date for addressing this vulnerability aligns with the requirements outlined in ED 21-02. https://nvd.nist.gov/vuln/detail/CVE-2021-27065"}, "references": [{"id": "CVE-2021-27065", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-27065"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-39"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Exchange Server", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Exchange Server Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "069289e3-1bee-430f-ade5-f010a9c4b57f", "vulnerability": {"vulnId": "CVE-2021-30807", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "069289e3-1bee-430f-ade5-f010a9c4b57f", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Apple Multiple Products Memory Corruption Vulnerability | Affected: Apple / Multiple Products | Description: Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30807"}, "references": [{"id": "CVE-2021-30807", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30807"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Apple", "vulnerabilityName": "Apple Multiple Products Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "fcbf85d1-fd60-42f2-8b6a-dc3e763408e6", "vulnerability": {"vulnId": "CVE-2018-8653", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "fcbf85d1-fd60-42f2-8b6a-dc3e763408e6", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability | Affected: Microsoft / Internet Explorer | Description: Microsoft Internet Explorer contains a memory corruption vulnerability due to how the Scripting Engine handles objects in memory, leading to remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2018-8653"}, "references": [{"id": "CVE-2018-8653", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2018-8653"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Internet Explorer", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "1ebc619b-5356-4c09-9ec9-07935ed74000", "vulnerability": {"vulnId": "CVE-2020-17496", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1ebc619b-5356-4c09-9ec9-07935ed74000", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: vBulletin PHP Module Remote Code Execution Vulnerability | Affected: vBulletin / vBulletin | Description: The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This CVE ID resolves an incomplete patch for CVE-2019-16759. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-17496"}, "references": [{"id": "CVE-2020-17496", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-17496"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-74"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "vBulletin", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "vBulletin", "vulnerabilityName": "vBulletin PHP Module Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "5a5793c8-7729-4a66-8da7-18aef84bf6c9", "vulnerability": {"vulnId": "CVE-2016-3718", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "5a5793c8-7729-4a66-8da7-18aef84bf6c9", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: ImageMagick Server-Side Request Forgery (SSRF) Vulnerability | Affected: ImageMagick / ImageMagick | Description: ImageMagick contains an unspecified vulnerability that allows attackers to perform server-side request forgery (SSRF) via a crafted image. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-3718"}, "references": [{"id": "CVE-2016-3718", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-3718"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-20"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "ImageMagick", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "ImageMagick", "vulnerabilityName": "ImageMagick Server-Side Request Forgery (SSRF) Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "244a6793-7140-42d8-8918-47c48a492504", "vulnerability": {"vulnId": "CVE-2016-3235", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "244a6793-7140-42d8-8918-47c48a492504", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Office OLE DLL Side Loading Vulnerability | Affected: Microsoft / Office | Description: Microsoft Office Object Linking & Embedding (OLE) dynamic link library (DLL) contains a side loading vulnerability due to it improperly validating input before loading libraries. Successful exploitation allows for remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2016-3235"}, "references": [{"id": "CVE-2016-3235", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2016-3235"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-264"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Office", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Office OLE DLL Side Loading Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "819b768f-8bd5-4199-9f62-1920e0a260b2", "vulnerability": {"vulnId": "CVE-2020-29583", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "819b768f-8bd5-4199-9f62-1920e0a260b2", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability | Affected: Zyxel / Multiple Products | Description: Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account (\"zyfwp\") with an unchangeable password. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-29583"}, "references": [{"id": "CVE-2020-29583", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-29583"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-522"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Multiple Products", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Zyxel", "vulnerabilityName": "Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "617c6eff-8636-45f1-8ba4-a2b6949d071a", "vulnerability": {"vulnId": "CVE-2020-7961", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "617c6eff-8636-45f1-8ba4-a2b6949d071a", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Liferay Portal Deserialization of Untrusted Data Vulnerability | Affected: Liferay / Liferay Portal | Description: Liferay Portal contains a deserialization of untrusted data vulnerability that allows remote attackers to execute code via JSON web services. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-7961"}, "references": [{"id": "CVE-2020-7961", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-7961"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-502"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Liferay Portal", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Liferay", "vulnerabilityName": "Liferay Portal Deserialization of Untrusted Data Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "6924827c-800f-405c-9c5b-4b98a828336d", "vulnerability": {"vulnId": "CVE-2021-38647", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "6924827c-800f-405c-9c5b-4b98a828336d", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability | Affected: Microsoft / Open Management Infrastructure (OMI) | Description: Microsoft Open Management Infrastructure (OMI) within Azure VM Management Extensions contains an unspecified vulnerability allowing remote code execution. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-38647"}, "references": [{"id": "CVE-2021-38647", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-38647"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-1390"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Open Management Infrastructure (OMI)", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Open Management Infrastructure (OMI) Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "a57b872c-aea7-4dc5-b9c6-f7a429b8887b", "vulnerability": {"vulnId": "CVE-2021-1732", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "a57b872c-aea7-4dc5-b9c6-f7a429b8887b", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Microsoft Win32k contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Known | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-1732"}, "references": [{"id": "CVE-2021-1732", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-1732"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Known"}}]}
{"uuid": "1925c31f-13c3-421e-bbdc-3727798c7018", "vulnerability": {"vulnId": "CVE-2021-28310", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "1925c31f-13c3-421e-bbdc-3727798c7018", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft Win32k Privilege Escalation Vulnerability | Affected: Microsoft / Win32k | Description: Microsoft Windows Win32k contains an unspecified vulnerability that allows for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-28310"}, "references": [{"id": "CVE-2021-28310", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-28310"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": ["CWE-787"], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": "Win32k", "due_date": "2021-11-17", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft Win32k Privilege Escalation Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
{"uuid": "7845dda4-0ba0-49d0-a4f9-020b4f469624", "vulnerability": {"vulnId": "CVE-2020-1147", "altId": []}, "status": {"exploited": true, "status_reason": "confirmed", "status_updated_at": "2021-11-03T00:00:00+00:00"}, "gcve": {"object_uuid": "7845dda4-0ba0-49d0-a4f9-020b4f469624", "origin_uuid": "405284c2-e461-4670-8979-7fd2c9755a60"}, "characteristics": {}, "timestamps": {"asserted_at": "2021-11-03T00:00:00Z", "recorded_at": "2026-02-02T12:25:39Z", "first_seen_at": "2021-11-03T00:00:00Z"}, "scope": {"notes": "KEV entry: Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability | Affected: Microsoft / .NET Framework, SharePoint, Visual Studio | Description: Microsoft .NET Framework, Microsoft SharePoint, and Visual Studio contain a remote code execution vulnerability when the software fails to check the source markup of XML file input. Successful exploitation allows an attacker to execute code in the context of the process responsible for deserialization of the XML content. | Required action: Apply updates per vendor instructions. | Due date: 2022-05-03 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2020-1147"}, "references": [{"id": "CVE-2020-1147", "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-1147"}], "evidence": [{"source": "cisa-kev", "type": "vendor_report", "signal": "successful_exploitation", "confidence": 0.8, "details": {"cwes": [], "feed": "CISA Known Exploited Vulnerabilities Catalog", "product": ".NET Framework, SharePoint, Visual Studio", "due_date": "2022-05-03", "date_added": "2021-11-03", "vendorProject": "Microsoft", "vulnerabilityName": "Microsoft .NET Framework, SharePoint, and Visual Studio Remote Code Execution Vulnerability", "knownRansomwareCampaignUse": "Unknown"}}]}
