Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2020-6287	SAP NetWeaver AS JAVA (LM Configuration Wizard), versions - 7.30, 7.31, 7.40, 7.50, does not perform an authentication check which allows an...	SAP SE	SAP NetWeaver AS JAVA (LM Configuration Wizard)	2021-11-03 00:00:00 UTC	CISA
CVE-2020-6207	SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a...	SAP SE	SAP Solution Manager (User Experience Monitoring)	2021-11-03 00:00:00 UTC	CISA
CVE-2016-3976	Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2019-16256	Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2020-10148	SolarWinds Orion API is vulnerable to an authentication bypass that could allow a remote attacker to execute API commands	SolarWinds	Orion Platform	2021-11-03 00:00:00 UTC	CISA
CVE-2021-35211	Serv-U Remote Memory Escape Vulnerability	SolarWinds	Serv-U Managed File Transfer Server and Serv-U Secured FTP	2021-11-03 00:00:00 UTC	CISA
CVE-2016-3643	SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2020-10199	Sonatype Nexus Repository before 3.21.2 allows JavaEL Injection (issue 1 of 2).	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2021-20021	A vulnerability in the SonicWall Email Security version 10.0.9.x allows an attacker to create an administrative account by sending a crafted HTTP...	SonicWall	Email Security	2021-11-03 00:00:00 UTC	CISA
CVE-2019-7481	Vulnerability in SonicWall SMA100 allow unauthenticated user to gain read-only access to unauthorized resources. This vulnerablity impacted SMA100...	SonicWall	SMA100	2021-11-03 00:00:00 UTC	CISA
CVE-2021-20022	SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to upload an arbitrary file to the...	SonicWall	Email Security	2021-11-03 00:00:00 UTC	CISA
CVE-2021-20023	SonicWall Email Security version 10.0.9.x contains a vulnerability that allows a post-authenticated attacker to read an arbitrary file on the...	SonicWall	Email Security	2021-11-03 00:00:00 UTC	CISA
CVE-2021-20016	A SQL-Injection vulnerability in the SonicWall SSLVPN SMA100 product allows a remote unauthenticated attacker to perform SQL query to access...	SonicWall	SonicWall SMA100	2021-11-03 00:00:00 UTC	CISA
CVE-2020-12271	A SQL injection issue was found in SFOS 17.0, 17.1, 17.5, and 18.0 before 2020-04-25 on Sophos XG Firewall devices, as exploited in the wild in...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2020-10181	goform/formEMR30 in Sumavision Enhanced Multimedia Router (EMR) 3.0.4.27 allows creation of arbitrary users with elevated privileges...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2017-6327	The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual...	Symantec Corporation	Messaging Gateway	2021-11-03 00:00:00 UTC	CISA
CVE-2019-18988	TeamViewer Desktop through 14.7.1965 allows a bypass of remote-login access control because the same key is used for different customers'...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2017-9248	Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2021-31755	An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2020-10987	The goform/setUsbUnload endpoint of Tenda AC15 AC1900 version 15.03.05.19 allows remote attackers to execute arbitrary system commands via the...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2018-14558	An issue was discovered on Tenda AC7 devices with firmware through V15.03.06.44_CN(AC7), AC9 devices with firmware through...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2018-20062	An issue was discovered in NoneCms V1.3. thinkphp/library/think/App.php allows remote attackers to execute arbitrary PHP code via crafted use of...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2019-9082	ThinkPHP before 3.2.4, as used in Open Source BMS v1.1.1 and other products, allows Remote Command Execution via...	n/a	n/a	2021-11-03 00:00:00 UTC	CISA
CVE-2019-18187	Trend Micro OfficeScan versions 11.0 and XG (12.0) could be exploited by an attacker utilizing a directory traversal vulnerability to extract files...	Trend Micro	Trend Micro OfficeScan	2021-11-03 00:00:00 UTC	CISA
CVE-2020-8467	A migration tool component of Trend Micro Apex One (2019) and OfficeScan XG contains a vulnerability which could allow remote attackers to execute...	Trend Micro	Trend Micro OfficeScan, Trend Micro Apex One	2021-11-03 00:00:00 UTC	CISA

Displaying vulnerabilities 1351 - 1375 of 1400 in total