Keep updated with KEVIntel progress and pro features

Known Exploited Vulnerabilities Intel

This table displays known exploited vulnerabilities (KEVs) that have been cataloged from over 50 public sources, including CISA, and (once we get some hits) our own private sensors. Each entry links to a CVE identifier, where the CVE details are enriched with EPSS scores, online mentions, scanner inclusion, exploitation, and other metadata. The goal is to be an early warning system, even before being published by CISA. More data and features coming soon!

CVE ID	Title	Vendor	Product	Added	Source
CVE-2025-0111	PAN-OS: Authenticated File Read Vulnerability in the Management Web Interface	Palo Alto Networks	Cloud NGFW, PAN-OS, Prisma Access	2025-02-20 00:00:00 UTC	CISA
CVE-2025-23209	Potential RCE with a compromised security key in craft/cms	craftcms	cms	2025-02-20 00:00:00 UTC	CISA
CVE-2024-53704	An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication.	SonicWall	SonicOS	2025-02-18 00:00:00 UTC	CISA
CVE-2025-0108	PAN-OS: Authentication Bypass in the Management Web Interface	Palo Alto Networks	Cloud NGFW, PAN-OS, Prisma Access	2025-02-18 00:00:00 UTC	CISA
CVE-2024-57727	SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote...	n/a	n/a	2025-02-13 00:00:00 UTC	CISA
CVE-2024-41710	A vulnerability in the Mitel 6800 Series, 6900 Series, and 6900w Series SIP Phones, including the 6970 Conference Unit, through R6.4.0.HF1...	n/a	n/a	2025-02-12 00:00:00 UTC	CISA
CVE-2025-24200	An authorization issue was addressed with improved state management. This issue is fixed in iPadOS 17.7.5, iOS 18.3.1 and iPadOS 18.3.1. A physical...	Apple	iPadOS, iOS and iPadOS	2025-02-12 00:00:00 UTC	CISA
CVE-2025-21391	Windows Storage Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation)	2025-02-11 00:00:00 UTC	CISA
CVE-2025-21418	Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability	Microsoft	Windows 10 Version 1809, Windows Server 2019, Windows Server 2019 (Server Core installation), Windows Server 2022, Windows 10 Version 21H2, Windows 11 version 22H2, Windows 10 Version 22H2, Windows Server 2025 (Server Core installation), Windows 11 version 22H3, Windows 11 Version 23H2, Windows Server 2022, 23H2 Edition (Server Core installation), Windows 11 Version 24H2, Windows Server 2025, Windows 10 Version 1507, Windows 10 Version 1607, Windows Server 2016, Windows Server 2016 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 Service Pack 2 (Server Core installation), Windows Server 2008 Service Pack 2, Windows Server 2008 R2 Service Pack 1, Windows Server 2008 R2 Service Pack 1 (Server Core installation), Windows Server 2012, Windows Server 2012 (Server Core installation), Windows Server 2012 R2, Windows Server 2012 R2 (Server Core installation)	2025-02-11 00:00:00 UTC	CISA
CVE-2024-40890	UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the CGI program of the legacy DSL CPE Zyxel VMG4325-B10A...	Zyxel	VMG4325-B10A firmware	2025-02-11 00:00:00 UTC	CISA
CVE-2024-40891	UNSUPPORTED WHEN ASSIGNED A post-authentication command injection vulnerability in the management commands of the legacy DSL CPE Zyxel...	Zyxel	VMG4325-B10A firmware	2025-02-11 00:00:00 UTC	CISA
CVE-2025-0994	Trimble Cityworks versions prior to 15.8.9 and Cityworks with office companion versions prior to 23.10 are vulnerable to a deserialization...	Trimble	Cityworks, Cityworks (with office companion)	2025-02-07 00:00:00 UTC	CISA
CVE-2020-15069	Sophos XG Firewall 17.x through v17.5 MR12 allows a Buffer Overflow and remote code execution via the HTTP/S Bookmarks feature for clientless...	n/a	n/a	2025-02-06 00:00:00 UTC	CISA
CVE-2025-0411	7-Zip Mark-of-the-Web Bypass Vulnerability	7-Zip	7-Zip	2025-02-06 00:00:00 UTC	CISA
CVE-2022-23748	mDNSResponder.exe is vulnerable to DLL Sideloading attack. Executable improperly specifies how to load the DLL, from which folder and under what...	n/a	Audinate Dante Application Library for Windows	2025-02-06 00:00:00 UTC	CISA
CVE-2024-21413	Microsoft Outlook Remote Code Execution Vulnerability	Microsoft	Microsoft Office 2019, Microsoft 365 Apps for Enterprise, Microsoft Office LTSC 2021, Microsoft Office 2016	2025-02-06 00:00:00 UTC	CISA
CVE-2020-29574	An SQL injection vulnerability in the WebAdmin of Cyberoam OS through 2020-12-04 allows unauthenticated attackers to execute arbitrary SQL...	n/a	n/a	2025-02-06 00:00:00 UTC	CISA
CVE-2024-53104	media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format	Linux	Linux	2025-02-05 00:00:00 UTC	CISA
CVE-2018-9276	An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with...	n/a	n/a	2025-02-04 00:00:00 UTC	CISA
CVE-2018-19410	PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges (including...	n/a	n/a	2025-02-04 00:00:00 UTC	CISA
CVE-2024-29059	.NET Framework Information Disclosure Vulnerability	Microsoft	Microsoft .NET Framework 4.8, Microsoft .NET Framework 3.5 AND 4.8, Microsoft .NET Framework 3.5 AND 4.7.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, Microsoft .NET Framework 3.5 AND 4.8.1, Microsoft .NET Framework 4.6.2, Microsoft .NET Framework 3.5 AND 4.6/4.6.2, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1	2025-02-04 00:00:00 UTC	CISA
CVE-2024-45195	Apache OFBiz: Confused controller-view authorization logic (forced browsing)	Apache Software Foundation	Apache OFBiz	2025-02-04 00:00:00 UTC	CISA
CVE-2025-24085	A use after free issue was addressed with improved memory management. This issue is fixed in visionOS 2.3, iOS 18.3 and iPadOS 18.3, macOS Sequoia...	Apple	visionOS, tvOS, macOS, watchOS, iOS and iPadOS	2025-01-29 00:00:00 UTC	CISA
CVE-2025-23006	Pre-authentication deserialization of untrusted data vulnerability has been identified in the SMA1000 Appliance Management Console (AMC) and...	SonicWall	SMA1000	2025-01-24 00:00:00 UTC	CISA
CVE-2020-11023	Potential XSS vulnerability in jQuery	jquery	jQuery	2025-01-23 00:00:00 UTC	CISA

Displaying vulnerabilities 126 - 150 of 1400 in total