Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2021-33044	The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity...	n/a	Some Dahua IP Camera, Video Intercom, PTZ Dome Camera, Thermal Camera devices	2024-08-21 00:00:00 UTC	CISA
CVE-2021-33045	The identity authentication bypass vulnerability found in some Dahua products during the login process. Attackers can bypass device identity...	n/a	Some Dahua IP Camera, Video Intercom, NVR, XVR devices	2024-08-21 00:00:00 UTC	CISA
CVE-2024-23897	Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by...	Jenkins Project	Jenkins	2024-08-19 00:00:00 UTC	CISA
CVE-2024-28986	SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability	SolarWinds	Web Help Desk	2024-08-15 00:00:00 UTC	CISA
CVE-2024-38107	Windows Power Dependency Coordinator Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows 11 Version 24H2	2024-08-13 00:00:00 UTC	CISA
CVE-2024-38106	Windows Kernel Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 11 Version 24H2	2024-08-13 00:00:00 UTC	CISA
CVE-2024-38189	Microsoft Project Remote Code Execution Vulnerability	Microsoft	Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Project 2016, Microsoft Office LTSC 2021	2024-08-13 00:00:00 UTC	CISA
CVE-2024-38213	Windows Mark of the Web Security Feature Bypass Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2024-08-13 00:00:00 UTC	CISA
CVE-2024-38193	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Microsoft	Windows 11 Version 24H2, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2024-08-13 00:00:00 UTC	CISA
CVE-2024-38178	Scripting Engine Memory Corruption Vulnerability	Microsoft	Windows 11 Version 24H2, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2024-08-13 00:00:00 UTC	CISA
CVE-2024-36971	net: fix __dst_negative_advice() race	Linux	Linux	2024-08-07 00:00:00 UTC	CISA
CVE-2024-32113	Apache OFBiz: Path traversal leading to RCE	Apache Software Foundation	Apache OFBiz	2024-08-07 00:00:00 UTC	CISA
CVE-2018-0824	A remote code execution vulnerability exists in "Microsoft COM for Windows" when it fails to properly handle serialized objects, aka "Microsoft COM...	n/a	n/a	2024-08-05 00:00:00 UTC	CISA
CVE-2024-37085	VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full...	n/a	VMware ESXi, VMware Cloud Foundation	2024-07-30 00:00:00 UTC	CISA
CVE-2023-45249	Remote command execution due to use of default passwords. The following products are affected: Acronis Cyber Infrastructure (ACI) before build...	Acronis	Acronis Cyber Infrastructure	2024-07-29 00:00:00 UTC	CISA
CVE-2024-4879	Jelly Template Injection Vulnerability in ServiceNow UI Macros	ServiceNow	Now Platform	2024-07-29 00:00:00 UTC	CISA
CVE-2024-5217	Incomplete Input Validation in GlideExpression Script	ServiceNow	Now Platform	2024-07-29 00:00:00 UTC	CISA
CVE-2012-4792	Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site...	n/a	n/a	2024-07-23 00:00:00 UTC	CISA
CVE-2024-39891	In the Twilio Authy API, accessed by Authy Android before 25.1.0 and Authy iOS before 26.1.0, an unauthenticated endpoint provided access to...	n/a	n/a	2024-07-23 00:00:00 UTC	CISA
CVE-2022-22948	The vCenter Server contains an information disclosure vulnerability due to improper permission of files. A malicious actor with non-administrative...	n/a	VMware vCenter Server and VMware Cloud Foundation	2024-07-17 00:00:00 UTC	CISA
CVE-2024-34102	XXE can expose crypt key and other secrets granting full admin access	Adobe	Adobe Commerce	2024-07-17 00:00:00 UTC	CISA
CVE-2024-28995	SolarWinds Serv-U L Directory Transversal Vulnerability	SolarWinds	SolarWinds Serv-U	2024-07-17 00:00:00 UTC	CISA
CVE-2024-36401	Remote Code Execution (RCE) vulnerability in evaluating property name expressions in Geoserver	geoserver	geoserver	2024-07-15 00:00:00 UTC	CISA
CVE-2024-23692	Rejetto HTTP File Server 2.3m Unauthenticated RCE	Rejetto	HTTP File Server	2024-07-09 00:00:00 UTC	CISA
CVE-2024-38080	Windows Hyper-V Elevation of Privilege Vulnerability	Microsoft	Windows Server 2022, Windows 11 version 21H2, Windows 11 version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation)	2024-07-09 00:00:00 UTC	CISA

Displaying vulnerabilities 251 - 275 of 1403 in total