Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2015-2502	Microsoft Internet Explorer 7 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a...	n/a	n/a	2022-04-13 00:00:00 UTC	CISA
CVE-2015-0313	Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before...	n/a	n/a	2022-04-13 00:00:00 UTC	CISA
CVE-2014-9163	Stack-based buffer overflow in Adobe Flash Player before 13.0.0.259 and 14.x and 15.x before 15.0.0.246 on Windows and OS X and before 11.2.202.425...	n/a	n/a	2022-04-13 00:00:00 UTC	CISA
CVE-2022-23176	WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management...	n/a	n/a	2022-04-11 00:00:00 UTC	CISA
CVE-2017-11317	Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows...	n/a	n/a	2022-04-11 00:00:00 UTC	CISA
CVE-2020-2509	Command Injection Vulnerability in QTS and QuTS hero	QNAP Systems Inc.	QTS, QuTS hero	2022-04-11 00:00:00 UTC	CISA
CVE-2021-22600	Double Free in net/packet/af_packet.c leading to priviledge escalation	Linux Kernel	Kernel	2022-04-11 00:00:00 UTC	CISA
CVE-2021-27852	Deserialization of Untrusted Data vulnerability in CheckboxWeb.dll of Checkbox Survey allows an unauthenticated remote attacker to execute...	Checkbox	Survey	2022-04-11 00:00:00 UTC	CISA
CVE-2021-39793	In kbase_jd_user_buf_pin_pages of mali_kbase_mem.c, there is a possible out of bounds write due to a logic error in the code. This could lead to...	n/a	Android	2022-04-11 00:00:00 UTC	CISA
CVE-2021-42278	Active Directory Domain Services Elevation of Privilege Vulnerability	Microsoft	Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server version 2004, Windows Server version 20H2, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2022-04-11 00:00:00 UTC	CISA
CVE-2021-42287	Active Directory Domain Services Elevation of Privilege Vulnerability	Microsoft	Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows Server version 2004, Windows Server version 20H2, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2022-04-11 00:00:00 UTC	CISA
CVE-2017-0148	The SMBv1 server in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2;...	Microsoft Corporation	Windows SMB	2022-04-06 00:00:00 UTC	CISA
CVE-2021-31166	HTTP Protocol Stack Remote Code Execution Vulnerability	Microsoft	Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2	2022-04-06 00:00:00 UTC	CISA
CVE-2021-3156	Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via...	n/a	n/a	2022-04-06 00:00:00 UTC	CISA
CVE-2022-22675	An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 15.5, watchOS 8.6, macOS Big Sur 11.6.6,...	Apple	iOS and iPadOS, macOS, watchOS	2022-04-04 00:00:00 UTC	CISA
CVE-2022-22965	A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific...	n/a	Spring Framework	2022-04-04 00:00:00 UTC	CISA
CVE-2022-22674	An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is...	Apple	macOS	2022-04-04 00:00:00 UTC	CISA
CVE-2021-45382	A Remote Command Execution (RCE) vulnerability exists in all series H/W revisions D-link DIR-810L, DIR-820L/LW, DIR-826L, DIR-830L, and DIR-836L...	n/a	n/a	2022-04-04 00:00:00 UTC	CISA
CVE-2021-28799	Improper Authorization Vulnerability in HBS 3 (Hybrid Backup Sync)	QNAP Systems Inc.	HBS 3, HBS 2, HBS 1.3	2022-03-31 00:00:00 UTC	CISA
CVE-2018-10562	An issue was discovered on Dasan GPON home routers. Command Injection can occur via the dest_host parameter in a diag_action=ping request to a...	n/a	n/a	2022-03-31 00:00:00 UTC	CISA
CVE-2018-10561	An issue was discovered on Dasan GPON home routers. It is possible to bypass authentication simply by appending "?images" to any URL of the device...	n/a	n/a	2022-03-31 00:00:00 UTC	CISA
CVE-2022-26871	An arbitrary file upload vulnerability in Trend Micro Apex Central could allow an unauthenticated remote attacker to upload an arbitrary file which...	Trend Micro	Trend Micro Apex Central	2022-03-31 00:00:00 UTC	CISA
CVE-2022-1040	An authentication bypass vulnerability in the User Portal and Webadmin allows a remote attacker to execute code in Sophos Firewall version v18.5...	Sophos	Sophos Firewall	2022-03-31 00:00:00 UTC	CISA
CVE-2021-34484	Windows User Profile Service Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows 10 Version 2004, Windows Server version 2004, Windows 10 Version 20H2, Windows Server version 20H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2022-03-31 00:00:00 UTC	CISA
CVE-2021-21551	Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or...	Dell	dbutil	2022-03-31 00:00:00 UTC	CISA

Displaying vulnerabilities 776 - 800 of 1402 in total