Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2024-29988	SmartScreen Prompt Security Feature Bypass Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation)	2024-04-30 00:00:00 UTC	CISA
CVE-2024-4040	Unauthenticated arbitrary file read and remote code execution in CrushFTP	CrushFTP	CrushFTP	2024-04-24 00:00:00 UTC	CISA
CVE-2024-20353	A vulnerability in the management and VPN web servers for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)...	Cisco	Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense Software	2024-04-24 00:00:00 UTC	CISA
CVE-2024-20359	A vulnerability in a legacy capability that allowed for the preloading of VPN clients and plug-ins and that has been available in Cisco Adaptive...	Cisco	Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense Software	2024-04-24 00:00:00 UTC	CISA
CVE-2022-38028	Windows Print Spooler Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2024-04-23 00:00:00 UTC	CISA
CVE-2024-3400	PAN-OS: Arbitrary File Creation Leads to OS Command Injection Vulnerability in GlobalProtect	Palo Alto Networks	PAN-OS, Cloud NGFW, Prisma Access	2024-04-12 00:00:00 UTC	CISA
CVE-2024-3273	D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi command injection	D-Link	DNS-320L, DNS-325, DNS-327L, DNS-340L	2024-04-11 00:00:00 UTC	CISA
CVE-2024-3272	D-Link DNS-320L/DNS-325/DNS-327L/DNS-340L HTTP GET Request nas_sharing.cgi hard-coded credentials	D-Link	DNS-320L, DNS-325, DNS-327L, DNS-340L	2024-04-11 00:00:00 UTC	CISA
CVE-2024-29745	there is a possible Information Disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution...	Google	Android	2024-04-04 00:00:00 UTC	CISA
CVE-2024-29748	there is a possible way to bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution...	Google	Android	2024-04-04 00:00:00 UTC	CISA
CVE-2023-24955	Microsoft SharePoint Server Remote Code Execution Vulnerability	Microsoft	Microsoft SharePoint Enterprise Server 2016, Microsoft SharePoint Server 2019, Microsoft SharePoint Server Subscription Edition	2024-03-26 00:00:00 UTC	CISA
CVE-2021-44529	A code injection vulnerability in the Ivanti EPM Cloud Services Appliance (CSA) allows an unauthenticated user to execute arbitrary code with...	n/a	Ivanti EPM	2024-03-25 00:00:00 UTC	CISA
CVE-2019-7256	Linear eMerge E3-Series devices allow Command Injections.	n/a	n/a	2024-03-25 00:00:00 UTC	CISA
CVE-2023-48788	A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2,...	Fortinet	FortiClientEMS	2024-03-25 00:00:00 UTC	CISA
CVE-2024-27198	In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible	JetBrains	TeamCity	2024-03-07 00:00:00 UTC	CISA
CVE-2024-23296	A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary...	Apple	iOS and iPadOS	2024-03-06 00:00:00 UTC	CISA
CVE-2024-23225	A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An...	Apple	iOS and iPadOS	2024-03-06 00:00:00 UTC	CISA
CVE-2021-36380	Sunhillo SureLine before 8.7.0.1.1 allows Unauthenticated OS Command Injection via shell metacharacters in ipAddr or dnsAddr /cgi/networkDiag.cgi.	n/a	n/a	2024-03-05 00:00:00 UTC	CISA
CVE-2023-21237	In applyRemoteView of NotificationContentInflater.java, there is a possible way to hide foreground service notification due to misleading or...	n/a	Android	2024-03-05 00:00:00 UTC	CISA
CVE-2024-21338	Windows Kernel Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation)	2024-03-04 00:00:00 UTC	CISA
CVE-2023-29360	Microsoft Streaming Service Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)	2024-02-29 00:00:00 UTC	CISA
CVE-2024-1709	Authentication bypass using an alternate path or channel	ConnectWise	ScreenConnect	2024-02-22 00:00:00 UTC	CISA
CVE-2020-3259	Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Information Disclosure Vulnerability	Cisco	Cisco Adaptive Security Appliance (ASA) Software	2024-02-15 00:00:00 UTC	CISA
CVE-2024-21410	Microsoft Exchange Server Elevation of Privilege Vulnerability	Microsoft	Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 13, Microsoft Exchange Server 2019 Cumulative Update 14	2024-02-15 00:00:00 UTC	CISA
CVE-2024-21351	Windows SmartScreen Security Feature Bypass Vulnerability	Microsoft	Windows 11 Version 23H2, Windows 11 version 22H3, Windows 10 Version 1809, Windows Server 2019, Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016	2024-02-13 00:00:00 UTC	CISA

Displaying vulnerabilities 301 - 325 of 1403 in total