Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2019-1315	An elevation of privilege vulnerability exists when Windows Error Reporting manager improperly handles hard links, aka 'Windows Error Reporting...	Microsoft	Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	2022-03-15 00:00:00 UTC	CISA
CVE-2019-1322	An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka 'Microsoft Windows Elevation of...	Microsoft	Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	2022-03-15 00:00:00 UTC	CISA
CVE-2019-1405	An elevation of privilege vulnerability exists when the Windows Universal Plug and Play (UPnP) service improperly allows COM object creation, aka...	Microsoft	Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	2022-03-15 00:00:00 UTC	CISA
CVE-2020-5135	A buffer overflow vulnerability in SonicOS allows a remote attacker to cause Denial of Service (DoS) and potentially execute arbitrary code by...	SonicWall	SonicOS	2022-03-15 00:00:00 UTC	CISA
CVE-2019-0543	An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of...	n/a	n/a	2022-03-15 00:00:00 UTC	CISA
CVE-2018-8120	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka "Win32k...	Microsoft	Windows Server 2008, Windows 7, Windows Server 2008 R2	2022-03-15 00:00:00 UTC	CISA
CVE-2017-0101	The kernel-mode drivers in Transaction Manager in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1, Windows...	Microsoft Corporation	Windows	2022-03-15 00:00:00 UTC	CISA
CVE-2016-3309	The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold...	n/a	n/a	2022-03-15 00:00:00 UTC	CISA
CVE-2015-2546	The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server...	n/a	n/a	2022-03-15 00:00:00 UTC	CISA
CVE-2019-0841	An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation...	Microsoft	Windows, Windows Server	2022-03-15 00:00:00 UTC	CISA
CVE-2019-1064	An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation...	Microsoft	Windows Server, Windows, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	2022-03-15 00:00:00 UTC	CISA
CVE-2019-1069	An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations, aka 'Task Scheduler...	Microsoft	Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	2022-03-15 00:00:00 UTC	CISA
CVE-2019-1129	An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation...	Microsoft	Windows, Windows Server, Windows 10 Version 1903 for 32-bit Systems, Windows 10 Version 1903 for x64-based Systems, Windows 10 Version 1903 for ARM64-based Systems, Windows Server, version 1903 (Server Core installation)	2022-03-15 00:00:00 UTC	CISA
CVE-2019-1132	An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory, aka 'Win32k...	Microsoft	Windows, Windows Server	2022-03-15 00:00:00 UTC	CISA
CVE-2022-26486	An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escape. We have had reports of attacks in...	Mozilla	Firefox, Firefox ESR, Firefox for Android, Thunderbird, Focus	2022-03-07 00:00:00 UTC	CISA
CVE-2021-21973	The vSphere Client (HTML5) contains an SSRF (Server Side Request Forgery) vulnerability due to improper validation of URLs in a vCenter Server...	n/a	VMware vCenter Server, VMware Cloud Foundation	2022-03-07 00:00:00 UTC	CISA
CVE-2020-8218	A code injection vulnerability exists in Pulse Connect Secure <9.1R8 that allows an attacker to crafted a URI to perform an arbitrary code...	n/a	Pulse Connect Secure	2022-03-07 00:00:00 UTC	CISA
CVE-2019-11581	There was a server-side template injection vulnerability in Jira Server and Data Center, in the ContactAdministrators and the SendBulkMail actions....	Atlassian	Jira Server and Data Center	2022-03-07 00:00:00 UTC	CISA
CVE-2017-6077	ping.cgi on NETGEAR DGN2200 devices with firmware through 10.0.0.50 allows remote authenticated users to execute arbitrary OS commands via shell...	n/a	n/a	2022-03-07 00:00:00 UTC	CISA
CVE-2016-6277	NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before...	n/a	n/a	2022-03-07 00:00:00 UTC	CISA
CVE-2013-0631	Adobe ColdFusion 9.0, 9.0.1, and 9.0.2 allows attackers to obtain sensitive information via unspecified vectors, as exploited in the wild in...	n/a	n/a	2022-03-07 00:00:00 UTC	CISA
CVE-2013-0629	Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10, when a password is not configured, allows attackers to access restricted directories via unspecified...	n/a	n/a	2022-03-07 00:00:00 UTC	CISA
CVE-2013-0625	Adobe ColdFusion 9.0, 9.0.1, and 9.0.2, when a password is not configured, allows remote attackers to bypass authentication and possibly execute...	n/a	n/a	2022-03-07 00:00:00 UTC	CISA
CVE-2009-3960	Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, LiveCycle Data Services 2.5.1, 2.6.1, and 3.0,...	n/a	n/a	2022-03-07 00:00:00 UTC	CISA
CVE-2022-26485	Removing an XSLT parameter during processing could have lead to an exploitable use-after-free. We have had reports of attacks in the wild abusing...	Mozilla	Firefox, Firefox ESR, Firefox for Android, Thunderbird, Focus	2022-03-07 00:00:00 UTC	CISA

Displaying vulnerabilities 901 - 925 of 1403 in total