Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2022-21445	Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions...	Oracle Corporation	Application Development Framework (ADF)	2024-09-18 00:00:00 UTC	CISA
CVE-2024-27348	Apache HugeGraph-Server: Command execution in gremlin	Apache Software Foundation	Apache HugeGraph-Server	2024-09-18 00:00:00 UTC	CISA
CVE-2020-0618	A remote code execution vulnerability exists in Microsoft SQL Server Reporting Services when it incorrectly handles page requests, aka 'Microsoft...	Microsoft	Microsoft SQL Server, Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (GDR), Microsoft SQL Server 2014 Service Pack 3 for x64-based Systems (CU), Microsoft SQL Server 2016 for x64-based Systems Service Pack 2 (GDR), Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (GDR), Microsoft SQL Server 2014 Service Pack 3 for 32-bit Systems (CU)	2024-09-18 00:00:00 UTC	CISA
CVE-2014-0497	Integer underflow in Adobe Flash Player before 11.7.700.261 and 11.8.x through 12.0.x before 12.0.0.44 on Windows and Mac OS X, and before...	n/a	n/a	2024-09-17 00:00:00 UTC	CISA
CVE-2013-0643	The Firefox sandbox in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171 on Windows and Mac OS X, and before 10.3.183.67 and 11.x...	n/a	n/a	2024-09-17 00:00:00 UTC	CISA
CVE-2013-0648	Unspecified vulnerability in the ExternalInterface ActionScript functionality in Adobe Flash Player before 10.3.183.67 and 11.x before 11.6.602.171...	n/a	n/a	2024-09-17 00:00:00 UTC	CISA
CVE-2014-0502	Double free vulnerability in Adobe Flash Player before 11.7.700.269 and 11.8.x through 12.0.x before 12.0.0.70 on Windows and Mac OS X and before...	n/a	n/a	2024-09-17 00:00:00 UTC	CISA
CVE-2024-6670	WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability	Progress Software Corporation	WhatsUp Gold	2024-09-16 00:00:00 UTC	CISA
CVE-2024-43461	Windows MSHTML Platform Spoofing Vulnerability	Microsoft	Windows 11 Version 24H2, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2024-09-16 00:00:00 UTC	CISA
CVE-2024-8190	An OS command injection vulnerability in Ivanti Cloud Services Appliance versions 4.6 Patch 518 and before allows a remote authenticated attacker...	Ivanti	CSA (Cloud Services Appliance)	2024-09-13 00:00:00 UTC	CISA
CVE-2024-38226	Microsoft Publisher Security Feature Bypass Vulnerability	Microsoft	Microsoft Office 2019, Microsoft Office LTSC 2021, Microsoft Publisher 2016	2024-09-10 00:00:00 UTC	CISA
CVE-2024-38014	Windows Installer Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2024-09-10 00:00:00 UTC	CISA
CVE-2024-38217	Windows Mark of the Web Security Feature Bypass Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2024-09-10 00:00:00 UTC	CISA
CVE-2017-1000253	Linux distributions that have not patched their long-term kernels with https://git.kernel.org/linus/a87938b2e246b81b4fb713edb371a9fa3c5c3c86...	n/a	n/a	2024-09-09 00:00:00 UTC	CISA
CVE-2024-40766	An improper access control vulnerability has been identified in the SonicWall SonicOS management access, potentially leading to unauthorized...	SonicWall	SonicOS	2024-09-09 00:00:00 UTC	CISA
CVE-2016-3714	The (1) EPHEMERAL, (2) HTTPS, (3) MVG, (4) MSL, (5) TEXT, (6) SHOW, (7) WIN, and (8) PLT coders in ImageMagick before 6.9.3-10 and 7.x before...	n/a	n/a	2024-09-09 00:00:00 UTC	CISA
CVE-2024-7262	Arbitrary Code Execution in WPS Office	Kingsoft	WPS Office	2024-09-03 00:00:00 UTC	CISA
CVE-2021-20124	A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the WebServlet endpoint. An...	n/a	Draytek VigorConnect	2024-09-03 00:00:00 UTC	CISA
CVE-2021-20123	A local file inclusion vulnerability exists in Draytek VigorConnect 1.6.0-B3 in the file download functionality of the DownloadFileServlet...	n/a	Draytek VigorConnect	2024-09-03 00:00:00 UTC	CISA
CVE-2024-7965	Inappropriate implementation in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to potentially exploit heap corruption via a...	Google	Chrome	2024-08-28 00:00:00 UTC	CISA
CVE-2024-38856	Apache OFBiz: Unauthenticated endpoint could allow execution of screen rendering code	Apache Software Foundation	Apache OFBiz	2024-08-27 00:00:00 UTC	CISA
CVE-2024-7971	Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap corruption via a crafted HTML page....	Google	Chrome	2024-08-26 00:00:00 UTC	CISA
CVE-2024-39717	The Versa Director GUI provides an option to customize the look and feel of the user interface. This option is only available for a user logged...	Versa	Director	2024-08-23 00:00:00 UTC	CISA
CVE-2021-31196	Microsoft Exchange Server Remote Code Execution Vulnerability	Microsoft	Microsoft Exchange Server 2019 Cumulative Update 9, Microsoft Exchange Server 2016 Cumulative Update 20, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 21, Microsoft Exchange Server 2019 Cumulative Update 10	2024-08-21 00:00:00 UTC	CISA
CVE-2022-0185	A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel...	n/a	kernel	2024-08-21 00:00:00 UTC	CISA

Displaying vulnerabilities 226 - 250 of 1403 in total