Known exploited
ZK Framework
CVE published 2023-02-27
CVE-2022-36537
CVE-2022-36537 is a ZK Framework AuUploader vulnerability that CISA added to its Known Exploited Vulnerabilities (KEV) catalog on 2023-02-27. The public record identifies it as an unspecified vulnerability and notes known ransomware campaign use. CISA’s required action is to apply updates per vendor instructions.