Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2017-7494	Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to...	Samba	samba	2023-03-30 00:00:00 UTC	CISA
CVE-2022-39197	An XSS (Cross Site Scripting) vulnerability was found in HelpSystems Cobalt Strike through 4.7 that allowed a remote attacker to execute HTML on...	n/a	n/a	2023-03-30 00:00:00 UTC	CISA
CVE-2013-3163	Microsoft Internet Explorer 8 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a...	n/a	n/a	2023-03-30 00:00:00 UTC	CISA
CVE-2022-22706	Arm Mali GPU Kernel Driver allows a non-privileged user to achieve write access to read-only memory pages. This affects Midgard r26p0 through...	n/a	n/a	2023-03-30 00:00:00 UTC	CISA
CVE-2022-3038	Use after free in Network Service in Google Chrome prior to 105.0.5195.52 allowed a remote attacker to potentially exploit heap corruption via a...	Google	Chrome	2023-03-30 00:00:00 UTC	CISA
CVE-2023-0266	Use after free in SNDRV_CTL_IOCTL_ELEM in Linux Kernel	Linux	Linux Kernel	2023-03-30 00:00:00 UTC	CISA
CVE-2022-38181	The Arm Mali GPU kernel driver allows unprivileged users to access freed memory because GPU memory operations are mishandled. This affects Bifrost...	n/a	n/a	2023-03-30 00:00:00 UTC	CISA
CVE-2021-30900	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS...	Apple	iOS and iPadOS	2023-03-30 00:00:00 UTC	CISA
CVE-2023-26360	Adobe ColdFusion Improper Access Control Arbitrary code execution	Adobe	ColdFusion	2023-03-15 00:00:00 UTC	CISA
CVE-2022-41328	A improper limitation of a pathname to a restricted directory vulnerability ('path traversal') [CWE-22] in Fortinet FortiOS version 7.2.0 through...	Fortinet	FortiOS	2023-03-14 00:00:00 UTC	CISA
CVE-2023-24880	Windows SmartScreen Security Feature Bypass Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)	2023-03-14 00:00:00 UTC	CISA
CVE-2023-23397	Microsoft Outlook Elevation of Privilege Vulnerability	Microsoft	Microsoft Office LTSC 2021, Microsoft Outlook 2016, Microsoft 365 Apps for Enterprise, Microsoft Office 2019, Microsoft Outlook 2013 Service Pack 1	2023-03-14 00:00:00 UTC	CISA
CVE-2021-39144	XStream is vulnerable to a Remote Command Execution attack	x-stream	xstream	2023-03-10 00:00:00 UTC	CISA
CVE-2020-5741	Deserialization of Untrusted Data in Plex Media Server on Windows allows a remote, authenticated attacker to execute arbitrary Python code.	n/a	Plex Media Server (Windows)	2023-03-10 00:00:00 UTC	CISA
CVE-2022-35914	/vendor/htmlawed/htmlawed/htmLawedTest.php in the htmlawed module for GLPI through 10.0.2 allows PHP code injection.	n/a	n/a	2023-03-07 00:00:00 UTC	CISA
CVE-2022-33891	Apache Spark shell command injection vulnerability via Spark UI	Apache Software Foundation	Apache Spark	2023-03-07 00:00:00 UTC	CISA
CVE-2022-28810	Zoho ManageEngine ADSelfService Plus before build 6122 allows a remote authenticated administrator to execute arbitrary operating OS commands as...	n/a	n/a	2023-03-07 00:00:00 UTC	CISA
CVE-2022-36537	ZK Framework v9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 allows attackers to access sensitive information via a crafted POST request sent to the...	n/a	n/a	2023-02-27 00:00:00 UTC	CISA
CVE-2022-47986	IBM Aspera Faspex code execution	IBM	Aspera Faspex	2023-02-21 00:00:00 UTC	CISA
CVE-2022-40765	A vulnerability in the Edge Gateway component of Mitel MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker with...	n/a	n/a	2023-02-21 00:00:00 UTC	CISA
CVE-2022-41223	The Director database component of MiVoice Connect through 19.3 (22.22.6100.0) could allow an authenticated attacker to conduct a code-injection...	n/a	n/a	2023-02-21 00:00:00 UTC	CISA
CVE-2022-46169	Unauthenticated Command Injection	Cacti	cacti	2023-02-16 00:00:00 UTC	CISA
CVE-2023-21715	Microsoft Publisher Security Feature Bypass Vulnerability	Microsoft	Microsoft 365 Apps for Enterprise	2023-02-14 00:00:00 UTC	CISA
CVE-2023-21823	Windows Graphics Component Remote Code Execution Vulnerability	Microsoft	Microsoft Office for Android, Microsoft Office for Universal, Microsoft Office for iOS, Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2023-02-14 00:00:00 UTC	CISA
CVE-2023-23529	A type confusion issue was addressed with improved checks. This issue is fixed in iOS 15.7.4 and iPadOS 15.7.4, iOS 16.3.1 and iPadOS 16.3.1, macOS...	Apple	iOS and iPadOS, Safari, macOS	2023-02-14 00:00:00 UTC	CISA

Displaying vulnerabilities 501 - 525 of 1402 in total