Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2022-41125	Windows CNG Key Isolation Service Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 8.1, Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2022-11-08 00:00:00 UTC	CISA
CVE-2021-25370	An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel...	Samsung Mobile	Samsung Mobile Devices	2022-11-08 00:00:00 UTC	CISA
CVE-2021-25369	An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.	Samsung Mobile	Samsung Mobile Devices	2022-11-08 00:00:00 UTC	CISA
CVE-2021-25337	Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or...	Samsung Mobile	Samsung Mobile Devices	2022-11-08 00:00:00 UTC	CISA
CVE-2022-41128	Windows Scripting Languages Remote Code Execution Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 R2 Service Pack 1, Windows Server 2012, Windows Server 2012 R2	2022-11-08 00:00:00 UTC	CISA
CVE-2022-3723	Type confusion in V8 in Google Chrome prior to 107.0.5304.87 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML...	Google	Chrome	2022-10-28 00:00:00 UTC	CISA
CVE-2022-42827	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 15.7.1 and iPadOS 15.7.1, iOS 16.1 and iPadOS...	Apple	iOS and iPadOS	2022-10-25 00:00:00 UTC	CISA
CVE-2020-3153	Cisco AnyConnect Secure Mobility Client for Windows Uncontrolled Search Path Vulnerability	Cisco	Cisco AnyConnect Secure Mobility Client	2022-10-24 00:00:00 UTC	CISA
CVE-2020-3433	Cisco AnyConnect Secure Mobility Client for Windows DLL Hijacking Vulnerability	Cisco	Cisco AnyConnect Secure Mobility Client	2022-10-24 00:00:00 UTC	CISA
CVE-2018-19323	The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC...	n/a	n/a	2022-10-24 00:00:00 UTC	CISA
CVE-2018-19320	The GDrv low-level driver in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before 1.26, and OC...	n/a	n/a	2022-10-24 00:00:00 UTC	CISA
CVE-2018-19321	The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before...	n/a	n/a	2022-10-24 00:00:00 UTC	CISA
CVE-2018-19322	The GPCIDrv and GDrv low-level drivers in GIGABYTE APP Center v1.05.21 and earlier, AORUS GRAPHICS ENGINE before 1.57, XTREME GAMING ENGINE before...	n/a	n/a	2022-10-24 00:00:00 UTC	CISA
CVE-2021-3493	The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on...	Ubuntu	linux kernel	2022-10-20 00:00:00 UTC	CISA
CVE-2022-41352	An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavis via a cpio loophole...	n/a	n/a	2022-10-20 00:00:00 UTC	CISA
CVE-2022-40684	An authentication bypass using an alternate path or channel [CWE-288] in Fortinet FortiOS version 7.2.0 through 7.2.1 and 7.0.0 through 7.0.6,...	Fortinet	Fortinet FortiOS, FortiProxy, FortiSwitchManager	2022-10-11 00:00:00 UTC	CISA
CVE-2022-41033	Windows COM+ Event System Service Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2022-10-11 00:00:00 UTC	CISA
CVE-2022-41082	Microsoft Exchange Server Remote Code Execution Vulnerability	Microsoft	Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 23	2022-09-30 00:00:00 UTC	CISA
CVE-2022-41040	Microsoft Exchange Server Elevation of Privilege Vulnerability	Microsoft	Microsoft Exchange Server 2013 Cumulative Update 23, Microsoft Exchange Server 2016 Cumulative Update 22, Microsoft Exchange Server 2019 Cumulative Update 11, Microsoft Exchange Server 2019 Cumulative Update 12, Microsoft Exchange Server 2016 Cumulative Update 23	2022-09-30 00:00:00 UTC	CISA
CVE-2022-36804	Multiple API endpoints in Atlassian Bitbucket Server and Data Center 7.0.0 before version 7.6.17, from version 7.7.0 before version 7.17.10, from...	Atlassian	Bitbucket Server, Bitbucket Data Center	2022-09-30 00:00:00 UTC	CISA
CVE-2022-3236	A code injection vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v19.0 MR1 and...	Sophos	Sophos Firewall	2022-09-23 00:00:00 UTC	CISA
CVE-2022-35405	Zoho ManageEngine Password Manager Pro before 12101 and PAM360 before 5510 are vulnerable to unauthenticated remote code execution. (This also...	n/a	n/a	2022-09-22 00:00:00 UTC	CISA
CVE-2022-40139	Improper validation of some components used by the rollback mechanism in Trend Micro Apex One and Trend Micro Apex One as a Service clients could...	Trend Micro	Trend Micro Apex One	2022-09-15 00:00:00 UTC	CISA
CVE-2013-6282	The (1) get_user and (2) put_user API functions in the Linux kernel before 3.5.5 on the v6k and v7 ARM platforms do not validate certain addresses,...	n/a	n/a	2022-09-15 00:00:00 UTC	CISA
CVE-2013-2094	The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local...	n/a	n/a	2022-09-15 00:00:00 UTC	CISA

Displaying vulnerabilities 551 - 575 of 1402 in total