Full CISA KEV catalog
Every CVE the U.S. cybersecurity agency has flagged as actively exploited. Search by vendor or product. Filter by category, time window, or ransomware association. Paginated 50 per page.
| CVE | Vendor / product | Vulnerability | Categories | Added to KEV |
|---|---|---|---|---|
| CVE-2024-51567 |
CyberPersons
CyberPanel
|
CyberPanel Incorrect Default Permissions Vulnerability
CyberPanel contains an incorrect default permissions vulnerability that allows a remote, unauthenticated attacker to execute commands as root.
|
Ransomware | Nov 7, 2024 |
| CVE-2024-38094 |
Microsoft
SharePoint
|
Microsoft SharePoint Deserialization Vulnerability
Microsoft SharePoint contains a deserialization vulnerability that allows for remote code execution.
|
Ransomware M365 / Email Yacht-focused | Oct 22, 2024 |
| CVE-2024-40711 |
Veeam
Backup & Replication
|
Veeam Backup and Replication Deserialization Vulnerability
Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution.
|
Ransomware Enterprise stack Yacht-focused | Oct 17, 2024 |
| CVE-2024-9680 |
Mozilla
Firefox
|
Mozilla Firefox Use-After-Free Vulnerability
Mozilla Firefox and Firefox ESR contain a use-after-free vulnerability in Animation timelines that allows for code execution in the content process.
|
Ransomware Browsers | Oct 15, 2024 |
| CVE-2024-30088 |
Microsoft
Windows
|
Microsoft Windows Kernel TOCTOU Race Condition Vulnerability
Microsoft Windows Kernel contains a time-of-check to time-of-use (TOCTOU) race condition vulnerability that could allow for privilege escalation.
|
Ransomware | Oct 15, 2024 |
| CVE-2024-6670 |
Progress
WhatsUp Gold
|
Progress WhatsUp Gold SQL Injection Vulnerability
Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user.
|
Ransomware | Sep 16, 2024 |
| CVE-2024-40766 |
SonicWall
SonicOS
|
SonicWall SonicOS Improper Access Control Vulnerability
SonicWall SonicOS contains an improper access control vulnerability that could lead to unauthorized resource access and, under certain conditions, may cause the firewall to crash.
|
Ransomware Network gear Yacht-focused | Sep 9, 2024 |
| CVE-2017-1000253 |
Linux
Kernel
|
Linux Kernel PIE Stack Buffer Corruption Vulnerability
Linux kernel contains a position-independent executable (PIE) stack buffer corruption vulnerability in load_elf_ binary() that allows a local attacker to escalate privileges.
|
Ransomware Server OS / DB / Web Yacht-focused | Sep 9, 2024 |
| CVE-2024-23897 |
Jenkins
Jenkins Command Line Interface (CLI)
|
Jenkins Command Line Interface (CLI) Path Traversal Vulnerability
Jenkins Command Line Interface (CLI) contains a path traversal vulnerability that allows attackers limited read access to certain files, which can lead to code execution.
|
Ransomware Enterprise stack Yacht-focused | Aug 19, 2024 |
| CVE-2024-37085 |
VMware
ESXi
|
VMware ESXi Authentication Bypass Vulnerability
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management by re-creating the configured AD group ('ESXi Admins' by default) after it was deleted from AD.
|
Ransomware Enterprise stack Yacht-focused | Jul 30, 2024 |
| CVE-2024-26169 |
Microsoft
Windows
|
Microsoft Windows Error Reporting Service Improper Privilege Management Vulnerability
Microsoft Windows Error Reporting Service contains an improper privilege management vulnerability that allows a local attacker with user permissions to gain SYSTEM privileges.
|
Ransomware | Jun 13, 2024 |
| CVE-2024-4577 |
PHP Group
PHP
|
PHP-CGI OS Command Injection Vulnerability
PHP, specifically Windows-based PHP used in CGI mode, contains an OS command injection vulnerability that allows for arbitrary code execution. This vulnerability is a patch bypass for CVE-2012-1823.
|
Ransomware | Jun 12, 2024 |
Source: CISA Known Exploited Vulnerabilities catalog. Updated hourly. Want crew who know what to do when one of these lands aboard? Start the free crew course →