Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2015-4852	The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2020-14750	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are...	Oracle Corporation	WebLogic Server	2021-11-03 00:00:00 UTC	CISA
CVE-2020-14882	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are...	Oracle Corporation	WebLogic Server	2021-11-03 00:00:00 UTC	CISA
CVE-2020-14883	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are...	Oracle Corporation	WebLogic Server	2021-11-03 00:00:00 UTC	CISA
CVE-2020-8644	PlaySMS before 1.4.3 does not sanitize inputs from a malicious string.	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2019-18935	Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2021-22893	Pulse Connect Secure 9.0R3/9.1R1 and higher is vulnerable to an authentication bypass vulnerability exposed by the Windows File Share Browser and...	n/a	Pulse Connect Secure	2021-11-03 00:00:00 UTC	CISA
CVE-2020-8243	A vulnerability in the Pulse Connect Secure < 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to...	n/a	Pulse Connect Secre	2021-11-03 00:00:00 UTC	CISA
CVE-2021-22900	A vulnerability allowed multiple unrestricted uploads in Pulse Connect Secure before 9.1R11.4 that could lead to an authenticated administrator to...	n/a	Pulse Secure Secure	2021-11-03 00:00:00 UTC	CISA
CVE-2021-22894	A buffer overflow vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to execute arbitrary code as...	n/a	Pulse Connect Secure	2021-11-03 00:00:00 UTC	CISA
CVE-2020-8260	A vulnerability in the Pulse Connect Secure < 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code...	n/a	Pulse Connect Secure / Pulse Policy Secure	2021-11-03 00:00:00 UTC	CISA
CVE-2021-22899	A command injection vulnerability exists in Pulse Connect Secure before 9.1R11.4 allows a remote authenticated attacker to perform remote code...	n/a	Pulse Connect Secure	2021-11-03 00:00:00 UTC	CISA
CVE-2019-11510	In Pulse Secure Pulse Connect Secure (PCS) 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before 9.0R3.4, an unauthenticated remote attacker can...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2019-11539	In Pulse Secure Pulse Connect Secure version 9.0RX before 9.0R3.4, 8.3RX before 8.3R7.1, 8.2RX before 8.2R12.1, and 8.1RX before 8.1R15.1 and Pulse...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2021-1906	Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute,...	Qualcomm, Inc.	Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables	2021-11-03 00:00:00 UTC	CISA
CVE-2021-1905	Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute,...	Qualcomm, Inc.	Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables	2021-11-03 00:00:00 UTC	CISA
CVE-2020-10221	lib/ajaxHandlers/ajaxAddTemplate.php in rConfig through 3.94 allows remote attackers to execute arbitrary OS commands via shell metacharacters in...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2021-35395	Realtek Jungle SDK version v2.x up to v3.4.14B provides an HTTP web server exposing a management interface that can be used to configure the access...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2017-16651	Roundcube Webmail before 1.1.10, 1.2.x before 1.2.7, and 1.3.x before 1.3.3 allows unauthorized access to arbitrary files on the host's filesystem,...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2020-11652	An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class allows access to some...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2020-11651	An issue was discovered in SaltStack Salt before 2019.2.4 and 3000 before 3000.2. The salt-master process ClearFuncs class does not properly...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2020-16846	An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2018-2380	SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus...	SAP SE	SAP CRM	2021-11-03 00:00:00 UTC	CISA
CVE-2010-5326	The Invoker Servlet on SAP NetWeaver Application Server Java platforms, possibly before 7.3, does not require authentication, which allows remote...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2016-9563	BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to conduct XML External Entity (XXE) attacks via the...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA

Displaying vulnerabilities 1326 - 1350 of 1400 in total