Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2013-2596	Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android...	n/a	n/a	2022-09-15 00:00:00 UTC	CISA
CVE-2013-2597	Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in...	n/a	n/a	2022-09-15 00:00:00 UTC	CISA
CVE-2010-2568	Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote...	n/a	n/a	2022-09-15 00:00:00 UTC	CISA
CVE-2022-32917	The issue was addressed with improved bounds checks. This issue is fixed in macOS Monterey 12.6, iOS 15.7 and iPadOS 15.7, iOS 16, macOS Big Sur...	Apple	iOS, macOS	2022-09-14 00:00:00 UTC	CISA
CVE-2022-37969	Windows Common Log File System Driver Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2022-09-14 00:00:00 UTC	CISA
CVE-2018-6530	OS command injection vulnerability in soap.cgi (soapcgi_main in cgibin) in D-Link DIR-880L DIR-880L_REVA_FIRMWARE_PATCH_1.08B04 and previous...	n/a	n/a	2022-09-08 00:00:00 UTC	CISA
CVE-2018-7445	A buffer overflow was found in the MikroTik RouterOS SMB service when processing NetBIOS session request messages. Remote attackers with access to...	n/a	n/a	2022-09-08 00:00:00 UTC	CISA
CVE-2020-9934	An issue existed in the handling of environment variables. This issue was addressed with improved validation. This issue is fixed in iOS 13.6 and...	Apple	iOS, macOS	2022-09-08 00:00:00 UTC	CISA
CVE-2022-26258	D-Link DIR-820L 1.05B03 was discovered to contain remote command execution (RCE) vulnerability via HTTP POST to get set ccp.	n/a	n/a	2022-09-08 00:00:00 UTC	CISA
CVE-2022-27593	DeadBolt Ransomware	QNAP Systems Inc.	Photo Station	2022-09-08 00:00:00 UTC	CISA
CVE-2018-13374	A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the...	Fortinet	Fortinet FortiOS, fortiADC	2022-09-08 00:00:00 UTC	CISA
CVE-2018-2628	Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are...	Oracle Corporation	WebLogic Server	2022-09-08 00:00:00 UTC	CISA
CVE-2022-3075	Insufficient data validation in Mojo in Google Chrome prior to 105.0.5195.102 allowed a remote attacker who had compromised the renderer process to...	Google	Chrome	2022-09-08 00:00:00 UTC	CISA
CVE-2011-1823	The vold volume manager daemon on Android 3.0 and 2.x before 2.3.4 trusts messages that are received from a PF_NETLINK socket, which allows local...	n/a	n/a	2022-09-08 00:00:00 UTC	CISA
CVE-2011-4723	The D-Link DIR-300 router stores cleartext passwords, which allows context-dependent attackers to obtain sensitive information via unspecified...	n/a	n/a	2022-09-08 00:00:00 UTC	CISA
CVE-2017-5521	An issue was discovered on NETGEAR R8500, R8300, R7000, R6400, R7300, R7100LG, R6300v2, WNDR3400v3, WNR3500Lv2, R6250, R6700, R6900, and R8000...	n/a	n/a	2022-09-08 00:00:00 UTC	CISA
CVE-2022-26352	An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02. Attackers can craft a multipart form request to post a file whose...	n/a	n/a	2022-08-25 00:00:00 UTC	CISA
CVE-2022-24706	Remote Code Execution Vulnerability in Packaging	Apache Software Foundation	Apache CouchDB	2022-08-25 00:00:00 UTC	CISA
CVE-2022-22963	In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to...	n/a	Spring Cloud Function	2022-08-25 00:00:00 UTC	CISA
CVE-2022-24112	apisix/batch-requests plugin allows overwriting the X-REAL-IP header	Apache Software Foundation	Apache APISIX	2022-08-25 00:00:00 UTC	CISA
CVE-2020-28949	Archive_Tar through 1.4.10 has :// filename sanitization only to address phar attacks, and thus any other stream-wrapper attack (such as file:// to...	n/a	n/a	2022-08-25 00:00:00 UTC	CISA
CVE-2021-31010	A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8...	Apple	macOS, watchOS	2022-08-25 00:00:00 UTC	CISA
CVE-2020-36193	Tar.php in Archive_Tar through 1.4.11 allows write operations with Directory Traversal due to inadequate checking of symbolic links, a related...	n/a	n/a	2022-08-25 00:00:00 UTC	CISA
CVE-2021-38406	Delta Electronics DOPSoft 2 Out-of-Bounds Write	Delta Electronics	DOPSoft 2	2022-08-25 00:00:00 UTC	CISA
CVE-2021-39226	Snapshot authentication bypass in grafana	grafana	grafana	2022-08-25 00:00:00 UTC	CISA

Displaying vulnerabilities 576 - 600 of 1402 in total