Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2021-22941	Improper Access Control in Citrix ShareFile storage zones controller before 5.11.20 may allow an unauthenticated attacker to remotely compromise...	n/a	Citrix ShareFile storage zones controller	2022-03-25 00:00:00 UTC	CISA
CVE-2021-42237	Sitecore XP 7.5 Initial Release to Sitecore XP 8.2 Update-7 is vulnerable to an insecure deserialization attack where it is possible to achieve...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2022-21999	Windows Print Spooler Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows 10 Version 1909, Windows 10 Version 21H1, Windows Server 2022, Windows 10 Version 20H2, Windows Server version 20H2, Windows 11 version 21H2, Windows 10 Version 21H2, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows 7, Windows 7 Service Pack 1, Windows 8.1, Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2022-03-25 00:00:00 UTC	CISA
CVE-2022-26143	The TP-240 (aka tp240dvr) component in Mitel MiCollab before 9.4 SP1 FP1 and MiVoice Business Express through 8.1 allows remote attackers to obtain...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2022-26318	On WatchGuard Firebox and XTM appliances, an unauthenticated user can execute arbitrary code, aka FBX-22786. This vulnerability impacts Fireware OS...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2005-2773	HP OpenView Network Node Manager 6.2 through 7.50 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) node...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2009-0927	Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2009-1151	Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2009-2055	Cisco IOS XR 3.4.0 through 3.8.1 allows remote attackers to cause a denial of service (session reset) via a BGP UPDATE message with an invalid...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2010-2861	Multiple directory traversal vulnerabilities in the administrator console in Adobe ColdFusion 9.0.1 and earlier allow remote attackers to read...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2010-3035	Cisco IOS XR 3.4.0 through 3.9.1, when BGP is enabled, does not properly handle unrecognized transitive attributes, which allows remote attackers...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2010-4344	Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2010-4345	Exim 4.72 and earlier allows local users to gain privileges by leveraging the ability of the exim user account to specify an alternate...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2012-1823	sapi/cgi/cgi_main.c in PHP before 5.3.12 and 5.4.x before 5.4.2, when configured as a CGI script (aka php-cgi), does not properly handle query...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2013-2251	Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2)...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2013-4810	HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, Identity Driven Manager (IDM) 4.0, and Application Lifecycle Management allow remote...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2014-0130	Directory traversal vulnerability in actionpack/lib/abstract_controller/base.rb in the implicit-render implementation in Ruby on Rails before...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2014-3120	The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2014-6287	The findMacroMarker function in parserLib.pas in Rejetto HTTP File Server (aks HFS or HttpFileServer) 2.3x before 2.3c allows remote attackers to...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2014-6324	The Kerberos Key Distribution Center (KDC) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2014-6332	OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2015-0666	Directory traversal vulnerability in the fmserver servlet in Cisco Prime Data Center Network Manager (DCNM) before 7.1(1) allows remote attackers...	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2015-1187	The ping tool in multiple D-Link and TRENDnet devices allow remote attackers to execute arbitrary code via the ping_addr parameter to ping.ccp.	n/a	n/a	2022-03-25 00:00:00 UTC	CISA
CVE-2019-1129	An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation...	Microsoft	Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	2022-03-15 00:00:00 UTC	CISA
CVE-2019-1132	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k...	Microsoft	Windows, Windows Server	2022-03-15 00:00:00 UTC	CISA

Displaying vulnerabilities 876 - 900 of 1402 in total