URL: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Submission: On May 14 via api from TR — Scanned from DE

KNOWN EXPLOITED VULNERABILITIES CATALOG



For the benefit of the cybersecurity community and network defenders—and to help
every organization better manage vulnerabilities and keep pace with threat
activity—CISA maintains the authoritative source of vulnerabilities that have
been exploited in the wild. Organizations should use the KEV catalog as an input
to their vulnerability management prioritization framework.

How to use the KEV Catalog

The KEV catalog is also available in the following formats:

CSV
JSON
JSON Schema

--------------------------------------------------------------------------------

Showing 1 - 20 of 1107

Microsoft | DWM Core Library


CVE-2024-30051

Microsoft DWM Core Library Privilege Escalation Vulnerability
Microsoft DWM Core Library contains a privilege escalation vulnerability that
allows an attacker to gain SYSTEM privileges.
 * Action: Apply mitigations per vendor instructions or discontinue use of the
   product if mitigations are unavailable.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-05-14
 * Due Date: 2024-06-04

Resources and Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051
Microsoft | Windows


CVE-2024-30040

Microsoft Windows MSHTML Platform Security Feature Bypass Vulnerability
Microsoft Windows MSHTML Platform contains an unspecified vulnerability that
allows for a security feature bypass.
 * Action: Apply mitigations per vendor instructions or discontinue use of the
   product if mitigations are unavailable.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-05-14
 * Due Date: 2024-06-04

Resources and Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040
Google | Chromium


CVE-2024-4671

Google Chromium Visuals Use-After-Free Vulnerability
Google Chromium Visuals contains a use-after-free vulnerability that allows a
remote attacker to exploit heap corruption via a crafted HTML page. This
vulnerability could affect multiple web browsers that utilize Chromium,
including, but not limited to, Google Chrome, Microsoft Edge, and Opera.
 * Action: Apply mitigations per vendor instructions or discontinue use of the
   product if mitigations are unavailable.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-05-13
 * Due Date: 2024-06-03

Resources and Notes
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html?m=1
GitLab | GitLab CE/EE


CVE-2023-7028

GitLab Community and Enterprise Editions Improper Access Control Vulnerability
GitLab Community and Enterprise Editions contain an improper access control
vulnerability. This allows an attacker to trigger password reset emails to be
sent to an unverified email address to ultimately facilitate an account
takeover.
 * Action: Apply mitigations per vendor instructions or discontinue use of the
   product if mitigations are unavailable.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-05-01
 * Due Date: 2024-05-22

Resources and Notes
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
Microsoft | SmartScreen Prompt


CVE-2024-29988

Microsoft SmartScreen Prompt Security Feature Bypass Vulnerability
Microsoft SmartScreen Prompt contains a security feature bypass vulnerability
that allows an attacker to bypass the Mark of the Web (MotW) feature. This
vulnerability can be chained with CVE-2023-38831 and CVE-2024-21412 to execute a
malicious file.
 * Action: Apply mitigations per vendor instructions or discontinue use of the
   product if mitigations are unavailable.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-04-30
 * Due Date: 2024-05-21

Resources and Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29988
Cisco | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)


CVE-2024-20353

Cisco ASA and FTD Denial of Service Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
contain an infinite loop vulnerability that can lead to a remote denial of
service condition.
 * Action: Apply mitigations per vendor instructions or discontinue use of the
   product if mitigations are unavailable.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-04-24
 * Due Date: 2024-05-01

Resources and Notes
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-websrvs-dos-X8gNucD2
Cisco | Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)


CVE-2024-20359

Cisco ASA and FTD Privilege Escalation Vulnerability
Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD)
contain a privilege escalation vulnerability that can allow local privilege
escalation from Administrator to root.
 * Action: Apply mitigations per vendor instructions or discontinue use of the
   product if mitigations are unavailable.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-04-24
 * Due Date: 2024-05-01

Resources and Notes
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-persist-rce-FLsNXF4h
CrushFTP | CrushFTP


CVE-2024-4040

CrushFTP VFS Sandbox Escape Vulnerability
CrushFTP contains an unspecified sandbox escape vulnerability that allows a
remote attacker to escape the CrushFTP virtual file system (VFS).
 * Action: Apply mitigations per vendor instructions or discontinue use of the
   product if mitigations are unavailable.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-04-24
 * Due Date: 2024-05-01

Resources and Notes
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update&version=34
Microsoft | Windows


CVE-2022-38028

Microsoft Windows Print Spooler Privilege Escalation Vulnerability
Microsoft Windows Print Spooler service contains a privilege escalation
vulnerability. An attacker may modify a JavaScript constraints file and execute
it with SYSTEM-level permissions.
 * Action: Apply mitigations per vendor instructions or discontinue use of the
   product if mitigations are unavailable.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-04-23
 * Due Date: 2024-05-14

Resources and Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-38028
Palo Alto Networks | PAN-OS


CVE-2024-3400

Palo Alto Networks PAN-OS Command Injection Vulnerability
Palo Alto Networks PAN-OS GlobalProtect feature contains a command injection
vulnerability that allows an unauthenticated attacker to execute commands with
root privileges on the firewall.
 * Action: Apply mitigations per vendor instructions as they become available.
   Otherwise, users with vulnerable versions of affected devices should enable
   Threat Prevention IDs available from the vendor. See the vendor bulletin for
   more details and a patch release schedule.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-04-12
 * Due Date: 2024-04-19

Resources and Notes
https://security.paloaltonetworks.com/CVE-2024-3400
D-Link | Multiple NAS Devices


CVE-2024-3272

D-Link Multiple NAS Devices Use of Hard-Coded Credentials Vulnerability
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a hard-coded
credential that allows an attacker to conduct authenticated command injection,
leading to remote, unauthorized code execution.
 * Action: This vulnerability affects legacy D-Link products. All associated
   hardware revisions have reached their end-of-life (EOL) or end-of-service
   (EOS) life cycle and should be retired and replaced per vendor instructions.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-04-11
 * Due Date: 2024-05-02

Resources and Notes
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383
D-Link | Multiple NAS Devices


CVE-2024-3273

D-Link Multiple NAS Devices Command Injection Vulnerability
D-Link DNS-320L, DNS-325, DNS-327L, and DNS-340L contain a command injection
vulnerability. When combined with CVE-2024-3272, this can lead to remote,
unauthorized code execution.
 * Action: This vulnerability affects legacy D-Link products. All associated
   hardware revisions have reached their end-of-life (EOL) or end-of-service
   (EOS) life cycle and should be retired and replaced per vendor instructions.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-04-11
 * Due Date: 2024-05-02

Resources and Notes
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10383
Android | Pixel


CVE-2024-29745

Android Pixel Information Disclosure Vulnerability
Android Pixel contains an information disclosure vulnerability in the fastboot
firmware used to support unlocking, flashing, and locking affected devices.
 * Action: Apply mitigations per vendor instructions or discontinue use of the
   product if mitigations are unavailable.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-04-04
 * Due Date: 2024-04-25

Resources and Notes
https://source.android.com/docs/security/bulletin/pixel/2024-04-01
Android | Pixel


CVE-2024-29748

Android Pixel Privilege Escalation Vulnerability
Android Pixel contains a privilege escalation vulnerability that allows an
attacker to interrupt a factory reset triggered by a device admin app.
 * Action: Apply mitigations per vendor instructions or discontinue use of the
   product if mitigations are unavailable.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-04-04
 * Due Date: 2024-04-25

Resources and Notes
https://source.android.com/docs/security/bulletin/pixel/2024-04-01
Microsoft | SharePoint Server


CVE-2023-24955

Microsoft SharePoint Server Code Injection Vulnerability
Microsoft SharePoint Server contains a code injection vulnerability that allows
an authenticated attacker with Site Owner privileges to execute code remotely.
 * Action: Apply mitigations per vendor instructions or discontinue use of the
   product if mitigations are unavailable.
 * Known To Be Used in Ransomware Campaigns?: Known
 * Date Added: 2024-03-26
 * Due Date: 2024-04-16

Resources and Notes
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24955
Fortinet | FortiClient EMS


CVE-2023-48788

Fortinet FortiClient EMS SQL Injection Vulnerability
Fortinet FortiClient EMS contains a SQL injection vulnerability that allows an
unauthenticated attacker to execute commands as SYSTEM via specifically crafted
requests.
 * Action: Apply mitigations per vendor instructions or discontinue use of the
   product if mitigations are unavailable.
 * Known To Be Used in Ransomware Campaigns?: Known
 * Date Added: 2024-03-25
 * Due Date: 2024-04-15

Resources and Notes
https://www.fortiguard.com/psirt/FG-IR-24-007
Ivanti | Endpoint Manager Cloud Service Appliance (EPM CSA)


CVE-2021-44529

Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) Code Injection
Vulnerability
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code
injection vulnerability that allows an unauthenticated user to execute malicious
code with limited permissions (nobody).
 * Action: Apply mitigations per vendor instructions or discontinue use of the
   product if mitigations are unavailable.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-03-25
 * Due Date: 2024-04-15

Resources and Notes
https://forums.ivanti.com/s/article/SA-2021-12-02?language=en_US
Nice | Linear eMerge E3-Series


CVE-2019-7256

Nice Linear eMerge E3-Series OS Command Injection Vulnerability
Nice Linear eMerge E3-Series contains an OS command injection vulnerability that
allows an attacker to conduct remote code execution.
 * Action: Contact the vendor for guidance on remediating firmware, per their
   advisory.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-03-25
 * Due Date: 2024-04-15

Resources and Notes
https://linear-solutions.com/wp-content/uploads/E3-Bulletin-06-27-2023.pdf,
https://www.cisa.gov/news-events/ics-advisories/icsa-24-065-01
JetBrains | TeamCity


CVE-2024-27198

JetBrains TeamCity Authentication Bypass Vulnerability
JetBrains TeamCity contains an authentication bypass vulnerability that allows
an attacker to perform admin actions.
 * Action: Apply mitigations per vendor instructions or discontinue use of the
   product if mitigations are unavailable.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-03-07
 * Due Date: 2024-03-28

Resources and Notes
https://www.jetbrains.com/help/teamcity/teamcity-2023-11-4-release-notes.html
Apple | Multiple Products


CVE-2024-23296

Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, tvOS, and watchOS RTKit contain a memory corruption
vulnerability that allows an attacker with arbitrary kernel read and write
capability to bypass kernel memory protections.
 * Action: Apply mitigations per vendor instructions or discontinue use of the
   product if mitigations are unavailable.
 * Known To Be Used in Ransomware Campaigns?: Unknown
 * Date Added: 2024-03-06
 * Due Date: 2024-03-27

Resources and Notes
https://support.apple.com/en-us/HT214081,
https://support.apple.com/en-us/HT214082,
https://support.apple.com/en-us/HT214084,
https://support.apple.com/en-us/HT214086,
https://support.apple.com/en-us/HT214088