Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2019-8720	A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code...	n/a	webkitgtk	2022-05-23 00:00:00 UTC	CISA
CVE-2019-11708	Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes can result in the non-sandboxed...	Mozilla	Firefox ESR, Firefox, Thunderbird	2022-05-23 00:00:00 UTC	CISA
CVE-2019-11707	A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash....	Mozilla	Firefox ESR, Firefox, Thunderbird	2022-05-23 00:00:00 UTC	CISA
CVE-2019-13720	Use after free in WebAudio in Google Chrome prior to 78.0.3904.87 allowed a remote attacker to potentially exploit heap corruption via a crafted...	Google	Chrome	2022-05-23 00:00:00 UTC	CISA
CVE-2019-0880	A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege...	Microsoft	Windows Server, Windows, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	2022-05-23 00:00:00 UTC	CISA
CVE-2019-0703	An information disclosure vulnerability exists in the way that the Windows SMB Server handles certain requests, aka 'Windows SMB Information...	Microsoft	Windows, Windows Server	2022-05-23 00:00:00 UTC	CISA
CVE-2019-5786	Object lifetime issue in Blink in Google Chrome prior to 72.0.3626.121 allowed a remote attacker to potentially perform out of bounds memory access...	Google	Chrome	2022-05-23 00:00:00 UTC	CISA
CVE-2019-0676	An information disclosure vulnerability exists when Internet Explorer improperly handles objects in memory.An attacker who successfully exploited...	Microsoft	Internet Explorer 11, Internet Explorer 10	2022-05-23 00:00:00 UTC	CISA
CVE-2019-7287	A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 12.1.4. An application may be able to execute...	Apple	iOS	2022-05-23 00:00:00 UTC	CISA
CVE-2020-0638	An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.To exploit this vulnerability, an attacker...	Microsoft	Windows, Windows 10 Version 1903 for ARM64-based Systems, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows Server, Windows Server, version 1903 (Server Core installation), Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1909 for ARM64-based Systems	2022-05-23 00:00:00 UTC	CISA
CVE-2020-1027	An elevation of privilege vulnerability exists in the way that the Windows Kernel handles objects in memory, aka 'Windows Kernel Elevation of...	Microsoft	Windows, Windows Server, Windows 10 Version 1909 for 32-bit Systems, Windows 10 Version 1909 for x64-based Systems, Windows 10 Version 1909 for ARM64-based Systems, Windows Server, version 1909 (Server Core installation), Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	2022-05-23 00:00:00 UTC	CISA
CVE-2021-30883	A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1,...	Apple	iOS and iPadOS, macOS	2022-05-23 00:00:00 UTC	CISA
CVE-2021-0920	In unix_scm_to_skb of af_unix.c, there is a possible use after free bug due to a race condition. This could lead to local escalation of privilege...	n/a	Android	2022-05-23 00:00:00 UTC	CISA
CVE-2021-1048	In ep_loop_check_proc of eventpoll.c, there is a possible way to corrupt memory due to a use after free. This could lead to local escalation of...	n/a	Android	2022-05-23 00:00:00 UTC	CISA
CVE-2022-20821	Cisco IOS XR Software Health Check Open Port Vulnerability	Cisco	Cisco IOS XR Software	2022-05-23 00:00:00 UTC	CISA
CVE-2022-30525	A OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware versions 5.00 through 5.21 Patch 1, USG FLEX 200 firmware...	Zyxel	USG FLEX 100(W) firmware, USG FLEX 200 firmware, USG FLEX 500 firmware, USG FLEX 700 firmware, ATP series firmware, VPN series firmware, USG FLEX 50(W) firmware, USG 20(W)-VPN firmware	2022-05-16 00:00:00 UTC	CISA
CVE-2022-22947	In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator...	n/a	Spring Cloud Gateway	2022-05-16 00:00:00 UTC	CISA
CVE-2022-1388	On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to...	F5	BIG-IP	2022-05-10 00:00:00 UTC	CISA
CVE-2021-1789	A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina,...	Apple	iOS and iPadOS, macOS	2022-05-04 00:00:00 UTC	CISA
CVE-2014-0322	Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via vectors involving...	n/a	n/a	2022-05-04 00:00:00 UTC	CISA
CVE-2014-0160	The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote...	n/a	n/a	2022-05-04 00:00:00 UTC	CISA
CVE-2019-8506	A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes...	Apple	iOS, tvOS, watchOS, Safari, iTunes for Windows, iCloud for Windows	2022-05-04 00:00:00 UTC	CISA
CVE-2014-4113	win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1,...	n/a	n/a	2022-05-04 00:00:00 UTC	CISA
CVE-2022-26904	Windows User Profile Service Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2022-04-25 00:00:00 UTC	CISA
CVE-2022-0847	A flaw was found in the way the "flags" member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and...	n/a	kernel	2022-04-25 00:00:00 UTC	CISA

Displaying vulnerabilities 726 - 750 of 1402 in total