Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2023-23376	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2023-02-14 00:00:00 UTC	CISA
CVE-2015-2291	(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a...	n/a	n/a	2023-02-10 00:00:00 UTC	CISA
CVE-2023-0669	Fortra GoAnywhere MFT License Response Servlet Command Injection	Fortra	Goanywhere MFT	2023-02-10 00:00:00 UTC	CISA
CVE-2022-24990	TerraMaster NAS 4.2.29 and earlier allows remote attackers to discover the administrative password by sending "User-Agent: TNAS" to...	n/a	n/a	2023-02-10 00:00:00 UTC	CISA
CVE-2023-22952	In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation.	n/a	n/a	2023-02-02 00:00:00 UTC	CISA
CVE-2022-21587	Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are...	Oracle Corporation	Web Applications Desktop Integrator	2023-02-02 00:00:00 UTC	CISA
CVE-2017-11357	Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to...	n/a	n/a	2023-01-26 00:00:00 UTC	CISA
CVE-2022-47966	Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache Santuario...	n/a	n/a	2023-01-23 00:00:00 UTC	CISA
CVE-2022-44877	login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via...	n/a	n/a	2023-01-17 00:00:00 UTC	CISA
CVE-2023-21674	Windows Advanced Local Procedure Call (ALPC) Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2023-01-10 00:00:00 UTC	CISA
CVE-2022-41080	Microsoft Exchange Server Elevation of Privilege Vulnerability	Microsoft	Microsoft Exchange Server 2016 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2016 Cumulative Update 22	2023-01-10 00:00:00 UTC	CISA
CVE-2018-5430	TIBCO JasperReports Server Information Disclosure Vulnerability	TIBCO Software Inc.	TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS	2022-12-29 00:00:00 UTC	CISA
CVE-2018-18809	TIBCO JasperReports Library Directory Traversal Vulnerability	TIBCO Software Inc.	TIBCO JasperReports Library, TIBCO JasperReports Library Community Edition, TIBCO JasperReports Library for ActiveMatrix BPM, TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for ActiveMatrix BPM, TIBCO Jaspersoft for AWS with Multi-Tenancy, TIBCO Jaspersoft Reporting and Analytics for AWS	2022-12-29 00:00:00 UTC	CISA
CVE-2022-42856	A type confusion issue was addressed with improved state handling. This issue is fixed in Safari 16.2, tvOS 16.2, macOS Ventura 13.1, iOS 15.7.2...	Apple	tvOS	2022-12-14 00:00:00 UTC	CISA
CVE-2022-27518	Unauthenticated remote arbitrary code execution	Citrix	Citrix Gateway, Citrix ADC	2022-12-13 00:00:00 UTC	CISA
CVE-2022-44698	Windows SmartScreen Security Feature Bypass Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 22H2, Windows 10 Version 1607, Windows Server 2016	2022-12-13 00:00:00 UTC	CISA
CVE-2022-42475	A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN 7.2.0 through 7.2.2, 7.0.0 through 7.0.8, 6.4.0 through 6.4.10, 6.2.0...	Fortinet	FortiProxy, FortiOS	2022-12-13 00:00:00 UTC	CISA
CVE-2022-26501	Veeam Backup & Replication 10.x and 11.x has Incorrect Access Control (issue 1 of 2).	n/a	n/a	2022-12-13 00:00:00 UTC	CISA
CVE-2022-26500	Improper limitation of path names in Veeam Backup & Replication 9.5U3, 9.5U4,10.x, and 11.x allows remote authenticated users access to internal...	n/a	n/a	2022-12-13 00:00:00 UTC	CISA
CVE-2022-4262	Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...	Google	Chrome	2022-12-05 00:00:00 UTC	CISA
CVE-2022-4135	Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121 allowed a remote attacker who had compromised the renderer process to...	Google	Chrome	2022-11-28 00:00:00 UTC	CISA
CVE-2021-35587	Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: OpenSSO Agent). Supported versions that are affected are...	Oracle Corporation	Access Manager	2022-11-28 00:00:00 UTC	CISA
CVE-2022-41049	Windows Mark of the Web Security Feature Bypass Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 11 version 22H2, Windows 10 Version 22H2	2022-11-14 00:00:00 UTC	CISA
CVE-2022-41073	Windows Print Spooler Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2022-11-08 00:00:00 UTC	CISA
CVE-2022-41091	Windows Mark of the Web Security Feature Bypass Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 11 version 22H2, Windows 10 Version 22H2	2022-11-08 00:00:00 UTC	CISA

Displaying vulnerabilities 526 - 550 of 1402 in total