Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2023-29552	The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated, remote attacker to register arbitrary services. This could allow the...	n/a	n/a	2023-11-08 00:00:00 UTC	CISA
CVE-2023-22518	All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. This Improper Authorization vulnerability allows...	Atlassian	Confluence Data Center, Confluence Server	2023-11-07 00:00:00 UTC	CISA
CVE-2023-46604	Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module: Unbounded deserialization causes ActiveMQ to be vulnerable to a remote code execution (RCE) attack	Apache Software Foundation	Apache ActiveMQ, Apache ActiveMQ Legacy OpenWire Module	2023-11-02 00:00:00 UTC	CISA
CVE-2023-46747	BIG-IP Configuration utility unauthenticated remote code execution vulnerability	F5	BIG-IP	2023-10-31 00:00:00 UTC	CISA
CVE-2023-46748	BIG-IP Configuration utility authenticated SQL injection vulnerability	F5	BIG-IP	2023-10-31 00:00:00 UTC	CISA
CVE-2023-5631	Stored XSS vulnerability in Roundcube	Roundcube	Roundcubemail	2023-10-26 00:00:00 UTC	CISA
CVE-2023-20273	A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges...	Cisco	Cisco IOS XE Software	2023-10-23 00:00:00 UTC	CISA
CVE-2023-4966	Unauthenticated sensitive information disclosure	Citrix	NetScaler ADC, NetScaler Gateway	2023-10-18 00:00:00 UTC	CISA
CVE-2023-20198	Cisco is providing an update for the ongoing investigation into observed exploitation of the web UI feature in Cisco IOS XE Software. We are...	Cisco	Cisco IOS XE Software	2023-10-16 00:00:00 UTC	CISA
CVE-2023-36563	Microsoft WordPad Information Disclosure Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2023-10-10 00:00:00 UTC	CISA
CVE-2023-41763	Skype for Business Elevation of Privilege Vulnerability	Microsoft	Skype for Business Server 2015 CU13, Skype for Business Server 2019 CU7	2023-10-10 00:00:00 UTC	CISA
CVE-2023-44487	The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as...	n/a	n/a	2023-10-10 00:00:00 UTC	CISA
CVE-2023-20109	A vulnerability in the Cisco Group Encrypted Transport VPN (GET VPN) feature of Cisco IOS Software and Cisco IOS XE Software could allow an...	Cisco	IOS, Cisco IOS XE Software	2023-10-10 00:00:00 UTC	CISA
CVE-2023-21608	Adobe Acrobat Reader DC resetForm Use-After-Free Remote Code Execution Vulnerability	Adobe	Acrobat Reader	2023-10-10 00:00:00 UTC	CISA
CVE-2023-42824	The issue was addressed with improved checks. This issue is fixed in iOS 16.7.1 and iPadOS 16.7.1. A local attacker may be able to elevate their...	Apple	iOS and iPadOS	2023-10-05 00:00:00 UTC	CISA
CVE-2023-40044	WS_FTP Server Ad Hoc Transfer Module .NET Deserialization Vulnerability	Progress Software Corporation	WS_FTP Server	2023-10-05 00:00:00 UTC	CISA
CVE-2023-22515	Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown...	Atlassian	Confluence Data Center, Confluence Server	2023-10-05 00:00:00 UTC	CISA
CVE-2023-42793	In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was possible	JetBrains	TeamCity	2023-10-04 00:00:00 UTC	CISA
CVE-2023-28229	Windows CNG Key Isolation Service Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2023-10-04 00:00:00 UTC	CISA
CVE-2023-4211	Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations	Arm Ltd	Midgard GPU Kernel Driver, Bifrost GPU Kernel Driver, Valhall GPU Kernel Driver, Arm 5th Gen GPU Architecture Kernel Driver	2023-10-03 00:00:00 UTC	CISA
CVE-2023-5217	Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially...	Google	Chrome, libvpx	2023-10-02 00:00:00 UTC	CISA
CVE-2018-14667	The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserResource resource. A remote,...	[UNKNOWN]	RichFaces	2023-09-28 00:00:00 UTC	CISA
CVE-2023-41993	The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14. Processing web content may lead to arbitrary code execution....	Apple	macOS	2023-09-25 00:00:00 UTC	CISA
CVE-2023-41992	The issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7, iOS 16.7 and iPadOS 16.7, macOS Ventura 13.6. A local...	Apple	macOS, iOS and iPadOS	2023-09-25 00:00:00 UTC	CISA
CVE-2023-41991	A certificate validation issue was addressed. This issue is fixed in macOS Ventura 13.6, iOS 16.7 and iPadOS 16.7. A malicious app may be able to...	Apple	iOS and iPadOS, macOS	2023-09-25 00:00:00 UTC	CISA

Displaying vulnerabilities 376 - 400 of 1402 in total