Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2024-38112	Windows MSHTML Platform Spoofing Vulnerability	Microsoft	Windows 10 Version 22H2, Windows 11 Version 23H2, Windows 10 Version 1507, Windows 11 version 22H2, Windows 10 Version 1607, Windows Server 2016, Windows 10 Version 21H2, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows 10 Version 1809, Windows Server 2012 R2, Windows 11 version 22H3, Windows Server 2012 R2 (Server Core installation), Windows Server 2022, Windows Server 2022, 23H2 Edition (Server Core installation), Windows Server 2019 (Server Core installation), Windows 11 version 21H2, Windows Server 2019	2024-07-09 00:00:00 UTC	CISA
CVE-2024-20399	Cisco NX-OS Software CLI Command Injection Vulnerability	Cisco	Cisco NX-OS Software	2024-07-02 00:00:00 UTC	CISA
CVE-2022-24816	Improper Control of Generation of Code in jai-ext	geosolutions-it	jai-ext	2024-06-26 00:00:00 UTC	CISA
CVE-2022-2586	It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table...	The Linux Kernel Organization	linux	2024-06-26 00:00:00 UTC	CISA
CVE-2020-13965	An issue was discovered in Roundcube Webmail before 1.3.12 and 1.4.x before 1.4.5. There is XSS via a malicious XML attachment because text/xml is...	n/a	n/a	2024-06-26 00:00:00 UTC	CISA
CVE-2024-4358	Registration Authentication Bypass Vulnerability	Progress Software Corporation	Telerik Report Server	2024-06-13 00:00:00 UTC	CISA
CVE-2024-32896	there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution...	Google	Android	2024-06-13 00:00:00 UTC	CISA
CVE-2024-26169	Windows Error Reporting Service Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2024-06-13 00:00:00 UTC	CISA
CVE-2024-4610	Mali GPU Kernel Driver allows improper GPU memory processing operations	Arm Ltd	Bifrost GPU Kernel Driver, Valhall GPU Kernel Driver	2024-06-12 00:00:00 UTC	CISA
CVE-2024-4577	Argument Injection in PHP-CGI	PHP Group	PHP	2024-06-12 00:00:00 UTC	CISA
CVE-2017-3506	Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are...	Oracle Corporation	WebLogic Server	2024-06-03 00:00:00 UTC	CISA
CVE-2024-1086	Use-after-free in Linux kernel's netfilter: nf_tables component	Linux	Kernel	2024-05-30 00:00:00 UTC	CISA
CVE-2024-24919	Information disclosure	checkpoint	Check Point Quantum Gateway, Spark Gateway and CloudGuard Network	2024-05-30 00:00:00 UTC	CISA
CVE-2024-4978	Malicious Code in Justice AV Solutions (JAVS) Viewer	Justice AV Solutions	Viewer	2024-05-29 00:00:00 UTC	CISA
CVE-2024-5274	Type Confusion in V8 in Google Chrome prior to 125.0.6422.112 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...	Google	Chrome	2024-05-28 00:00:00 UTC	CISA
CVE-2020-17519	Apache Flink directory traversal attack: reading remote files through the REST API	Apache Software Foundation	Apache Flink	2024-05-23 00:00:00 UTC	CISA
CVE-2023-43208	NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is...	n/a	n/a	2024-05-20 00:00:00 UTC	CISA
CVE-2024-4947	Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted...	Google	Chrome	2024-05-20 00:00:00 UTC	CISA
CVE-2014-100005	Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR-600 router (rev. Bx) with firmware before 2.17b02 allow remote attackers...	n/a	n/a	2024-05-16 00:00:00 UTC	CISA
CVE-2021-40655	An informtion disclosure issue exists in D-LINK-DIR-605 B2 Firmware Version : 2.01MT. An attacker can obtain a user name and password by forging a...	n/a	n/a	2024-05-16 00:00:00 UTC	CISA
CVE-2024-4761	Out of bounds write in V8 in Google Chrome prior to 124.0.6367.207 allowed a remote attacker to perform an out of bounds memory write via a crafted...	Google	Chrome	2024-05-16 00:00:00 UTC	CISA
CVE-2024-30040	Windows MSHTML Platform Security Feature Bypass Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)	2024-05-14 00:00:00 UTC	CISA
CVE-2024-30051	Windows DWM Core Library Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)	2024-05-14 00:00:00 UTC	CISA
CVE-2024-4671	Use after free in Visuals in Google Chrome prior to 124.0.6367.201 allowed a remote attacker who had compromised the renderer process to...	Google	Chrome	2024-05-13 00:00:00 UTC	CISA
CVE-2023-7028	Weak Password Recovery Mechanism for Forgotten Password in GitLab	GitLab	GitLab	2024-05-01 00:00:00 UTC	CISA

Displaying vulnerabilities 276 - 300 of 1403 in total