Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2023-49897	An OS command injection vulnerability exists in AE1021PE firmware version 2.0.9 and earlier and AE1021 firmware version 2.0.9 and earlier. If this...	FXC Inc.	AE1021PE, AE1021	2023-12-21 00:00:00 UTC	CISA
CVE-2023-6448	Unitronics VisiLogic uses a default administrative password	Unitronics	VisiLogic	2023-12-11 00:00:00 UTC	CISA
CVE-2023-41266	A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and...	n/a	n/a	2023-12-07 00:00:00 UTC	CISA
CVE-2023-41265	An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7...	n/a	n/a	2023-12-07 00:00:00 UTC	CISA
CVE-2022-22071	Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto,...	Qualcomm, Inc.	Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music	2023-12-05 00:00:00 UTC	CISA
CVE-2023-33063	Use After Free in DSP Services	Qualcomm, Inc.	Snapdragon	2023-12-05 00:00:00 UTC	CISA
CVE-2023-33106	Use of Out-of-range Pointer Offset in Graphics	Qualcomm, Inc.	Snapdragon	2023-12-05 00:00:00 UTC	CISA
CVE-2023-33107	Integer Overflow or Wraparound in Graphics Linux	Qualcomm, Inc.	Snapdragon	2023-12-05 00:00:00 UTC	CISA
CVE-2023-42917	A memory corruption vulnerability was addressed with improved locking. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2,...	Apple	Safari, macOS, iOS and iPadOS	2023-12-04 00:00:00 UTC	CISA
CVE-2023-42916	An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 17.1.2 and iPadOS 17.1.2, macOS Sonoma 14.1.2,...	Apple	Safari, macOS, iOS and iPadOS	2023-12-04 00:00:00 UTC	CISA
CVE-2023-6345	Integer overflow in Skia in Google Chrome prior to 119.0.6045.199 allowed a remote attacker who had compromised the renderer process to potentially...	Google	Chrome	2023-11-30 00:00:00 UTC	CISA
CVE-2023-49103	An issue was discovered in ownCloud owncloud/graphapi 0.2.x before 0.2.1 and 0.3.x before 0.3.1. The graphapi app relies on a third-party...	n/a	n/a	2023-11-30 00:00:00 UTC	CISA
CVE-2023-4911	Glibc: buffer overflow in ld.so leading to privilege escalation	, Red Hat	, Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.6 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Extended Update Support, Red Hat Virtualization 4 for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7	2023-11-21 00:00:00 UTC	CISA
CVE-2023-36584	Windows Mark of the Web Security Feature Bypass Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2023-11-16 00:00:00 UTC	CISA
CVE-2020-2551	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: WLS Core Components). Supported versions that are...	Oracle Corporation	WebLogic Server	2023-11-16 00:00:00 UTC	CISA
CVE-2023-1671	A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older than version 4.3.10.4 allows execution of...	Sophos	Sophos Web Appliance	2023-11-16 00:00:00 UTC	CISA
CVE-2023-36033	Windows DWM Core Library Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation)	2023-11-14 00:00:00 UTC	CISA
CVE-2023-36036	Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation), Windows 11 version 22H3, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 23H2	2023-11-14 00:00:00 UTC	CISA
CVE-2023-36025	Windows SmartScreen Security Feature Bypass Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2023-11-14 00:00:00 UTC	CISA
CVE-2023-47246	In SysAid On-Premise before 23.3.36, a path traversal vulnerability leads to code execution after an attacker writes a file to the Tomcat webroot,...	n/a	n/a	2023-11-13 00:00:00 UTC	CISA
CVE-2023-36851	Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload and download arbitrary files	Juniper Networks	Junos OS	2023-11-13 00:00:00 UTC	CISA
CVE-2023-36847	Junos OS: EX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files	Juniper Networks	Junos OS	2023-11-13 00:00:00 UTC	CISA
CVE-2023-36846	Junos OS: SRX Series: A vulnerability in J-Web allows an unauthenticated attacker to upload arbitrary files	Juniper Networks	Junos OS	2023-11-13 00:00:00 UTC	CISA
CVE-2023-36845	Junos OS: EX and SRX Series: A PHP vulnerability in J-Web allows an unauthenticated to control an important environment variable	Juniper Networks	Junos OS	2023-11-13 00:00:00 UTC	CISA
CVE-2023-36844	Junos OS: EX Series: A PHP vulnerability in J-Web allows an unauthenticated attacker to control important environment variables	Juniper Networks	Junos OS	2023-11-13 00:00:00 UTC	CISA

Displaying vulnerabilities 351 - 375 of 1402 in total