Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2023-41179	A vulnerability in the 3rd party AV uninstaller module contained in Trend Micro Apex One (on-prem and SaaS), Worry-Free Business Security and...	Trend Micro, Inc.	Trend Micro Apex One, Trend Micro Worry-Free Business Security, Trend Micro Worry-Free Business Security Services	2023-09-21 00:00:00 UTC	CISA
CVE-2023-28434	MinIO is vulnerable to privilege escalation on Linux/MacOS	minio	minio	2023-09-19 00:00:00 UTC	CISA
CVE-2021-3129	Ignition before 2.5.2, as used in Laravel and other products, allows unauthenticated remote attackers to execute arbitrary code because of insecure...	n/a	n/a	2023-09-18 00:00:00 UTC	CISA
CVE-2017-6884	A command injection vulnerability was discovered on the Zyxel EMG2926 home router with firmware V1.00(AAQT.4)b8. The vulnerability is located in...	n/a	n/a	2023-09-18 00:00:00 UTC	CISA
CVE-2014-8361	The miniigd SOAP service in Realtek SDK allows remote attackers to execute arbitrary code via a crafted NewInternalClient request, as exploited in...	n/a	n/a	2023-09-18 00:00:00 UTC	CISA
CVE-2022-22265	An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code...	Samsung Mobile	Samsung Mobile Devices	2023-09-18 00:00:00 UTC	CISA
CVE-2023-26369	[Google Project Zero] Adobe Acrobat DC OOBW 0-day actively exploited in the wild	Adobe	Acrobat Reader	2023-09-14 00:00:00 UTC	CISA
CVE-2023-35674	In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local...	Google	Android	2023-09-13 00:00:00 UTC	CISA
CVE-2023-20269	A vulnerability in the remote access VPN feature of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD)...	Cisco	Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense Software	2023-09-13 00:00:00 UTC	CISA
CVE-2023-4863	Heap buffer overflow in libwebp in Google Chrome prior to 116.0.5845.187 and libwebp 1.3.2 allowed a remote attacker to perform an out of bounds...	Google	Chrome, libwebp	2023-09-13 00:00:00 UTC	CISA
CVE-2023-36802	Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2	2023-09-12 00:00:00 UTC	CISA
CVE-2023-36761	Microsoft Word Information Disclosure Vulnerability	Microsoft	Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Word 2016, Microsoft Word 2013 Service Pack 1	2023-09-12 00:00:00 UTC	CISA
CVE-2023-41064	A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 16.6.1 and iPadOS 16.6.1, macOS Monterey 12.6.9,...	Apple	macOS, iOS and iPadOS	2023-09-11 00:00:00 UTC	CISA
CVE-2023-41061	A validation issue was addressed with improved logic. This issue is fixed in watchOS 9.6.2, iOS 16.6.1 and iPadOS 16.6.1. A maliciously crafted...	Apple	iOS and iPadOS, watchOS	2023-09-11 00:00:00 UTC	CISA
CVE-2023-33246	Apache RocketMQ: Possible remote code execution vulnerability when using the update configuration function	Apache Software Foundation	Apache RocketMQ	2023-09-06 00:00:00 UTC	CISA
CVE-2023-38831	RARLAB WinRAR before 6.23 allows attackers to execute arbitrary code when a user attempts to view a benign file within a ZIP archive. The issue...	n/a	n/a	2023-08-24 00:00:00 UTC	CISA
CVE-2023-32315	Openfire administration console authentication bypass	igniterealtime	Openfire	2023-08-24 00:00:00 UTC	CISA
CVE-2023-27532	Vulnerability in Veeam Backup & Replication component allows encrypted credentials stored in the configuration database to be obtained. This may...	n/a	Veeam Backup & Replication	2023-08-22 00:00:00 UTC	CISA
CVE-2023-38035	A security vulnerability in MICS Admin Portal in Ivanti MobileIron Sentry versions 9.18.0 and below, which may allow an attacker to bypass...	Ivanti	MobileIron Sentry	2023-08-22 00:00:00 UTC	CISA
CVE-2023-26359	Adobe ColdFusion Deserialization of Untrusted Data Arbitrary code execution	Adobe	ColdFusion	2023-08-21 00:00:00 UTC	CISA
CVE-2023-24489	A vulnerability has been discovered in the customer-managed ShareFile storage zones controller which, if exploited, could allow an unauthenticated...	Citrix	Citrix ShareFile Storage Zones Controller	2023-08-16 00:00:00 UTC	CISA
CVE-2023-38180	.NET and Visual Studio Denial of Service Vulnerability	Microsoft	ASP.NET Core 2.1, .NET 6.0, .NET 7.0, Microsoft Visual Studio 2022 version 17.2, Microsoft Visual Studio 2022 version 17.4, Microsoft Visual Studio 2022 version 17.6	2023-08-09 00:00:00 UTC	CISA
CVE-2017-18368	The ZyXEL P660HN-T1A v1 TCLinux Fw $7.3.15.0 v001 / 3.40(ULM.0)b31 router distributed by TrueOnline has a command injection vulnerability in the...	n/a	n/a	2023-08-07 00:00:00 UTC	CISA
CVE-2023-35081	A path traversal vulnerability in Ivanti EPMM versions (11.10.x < 11.10.0.3, 11.9.x < 11.9.1.2 and 11.8.x < 11.8.1.2) allows an authenticated...	Ivanti	EPMM	2023-07-31 00:00:00 UTC	CISA
CVE-2023-37580	Zimbra Collaboration (ZCS) 8 before 8.8.15 Patch 41 allows XSS in the Zimbra Classic Web Client.	n/a	n/a	2023-07-27 00:00:00 UTC	CISA

Displaying vulnerabilities 401 - 425 of 1402 in total